Risk | Low |
Patch available | YES |
Number of vulnerabilities | 80 |
CVE-ID | CVE-2023-52920 CVE-2024-45010 CVE-2024-46698 CVE-2024-46713 CVE-2024-46765 CVE-2024-47678 CVE-2024-47707 CVE-2024-47712 CVE-2024-47745 CVE-2024-47747 CVE-2024-47749 CVE-2024-49856 CVE-2024-49885 CVE-2024-49899 CVE-2024-49914 CVE-2024-49915 CVE-2024-50024 CVE-2024-50031 CVE-2024-50038 CVE-2024-50039 CVE-2024-50045 CVE-2024-50062 CVE-2024-50085 CVE-2024-50093 CVE-2024-50098 CVE-2024-50141 CVE-2024-50143 CVE-2024-50148 CVE-2024-50154 CVE-2024-50157 CVE-2024-50162 CVE-2024-50166 CVE-2024-50169 CVE-2024-50170 CVE-2024-50171 CVE-2024-50182 CVE-2024-50191 CVE-2024-50192 CVE-2024-50195 CVE-2024-50203 CVE-2024-50205 CVE-2024-50208 CVE-2024-50209 CVE-2024-50216 CVE-2024-50217 CVE-2024-50223 CVE-2024-50230 CVE-2024-50234 CVE-2024-50236 CVE-2024-50241 CVE-2024-50248 CVE-2024-50255 CVE-2024-50258 CVE-2024-50262 CVE-2024-50265 CVE-2024-50269 CVE-2024-50271 CVE-2024-50272 CVE-2024-50273 CVE-2024-50275 CVE-2024-50276 CVE-2024-50283 CVE-2024-50284 CVE-2024-50289 CVE-2024-50294 CVE-2024-50298 CVE-2024-50299 CVE-2024-53043 CVE-2024-53046 CVE-2024-53047 CVE-2024-53052 CVE-2024-53055 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53076 CVE-2024-53083 CVE-2024-53085 CVE-2024-53089 CVE-2016-10044 |
CWE-ID | CWE-476 CWE-399 CWE-667 CWE-416 CWE-20 CWE-119 CWE-835 CWE-908 CWE-401 CWE-191 CWE-125 CWE-404 CWE-415 CWE-388 CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 80 vulnerabilities.
EUVDB-ID: #VU99770
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52920
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BPF_MOV64_REG() and BPF_RAW_INSN() functions in tools/testing/selftests/bpf/verifier/precise.c, within the subprog_spill_reg_precise() function in tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, within the copy_verifier_state(), check_reg_arg(), is_jmp_point(), bt_is_reg_set(), calls_callback(), backtrack_insn(), __mark_chain_precision(), check_stack_write_fixed_off(), check_stack_read_fixed_off(), check_atomic(), push_jmp_history() and do_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45010
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97263
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46698
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aperture_remove_conflicting_devices(), EXPORT_SYMBOL() and aperture_remove_conflicting_pci_devices() functions in drivers/video/aperture.c, within the of_platform_default_populate_init() function in drivers/of/platform.c, within the DEFINE_MUTEX(), sysfb_unregister() and sysfb_pci_dev_is_enabled() functions in drivers/firmware/sysfb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97313
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97522
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46765
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99030
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47678
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the icmpv6_mask_allow(), icmpv6_global_allow(), icmpv6_xrlim_allow(), icmp6_send() and icmpv6_echo_reply() functions in net/ipv6/icmp.c, within the __SPIN_LOCK_UNLOCKED(), icmpv4_mask_allow(), icmpv4_global_allow(), icmpv4_xrlim_allow(), icmp_reply() and __icmp_send() functions in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98988
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98895
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47712
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99229
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47745
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98888
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49856
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the slab_update_freelist(), print_slab_info(), inc_slabs_node() and slab_free_hook() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99225
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49899
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98933
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49914
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98932
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49915
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50024
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99159
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50038
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99133
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50039
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99038
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99039
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99443
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50085
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50093
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99823
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50098
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100077
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50141
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50143
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100062
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50154
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100079
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50157
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_dbr_fifo_full() and __wait_for_fifo_occupancy_below_th() functions in drivers/infiniband/hw/bnxt_re/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100075
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50162
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100052
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50166
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mac_probe() and mac_remove() functions in drivers/net/ethernet/freescale/fman/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100080
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50169
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtio_transport_read_skb() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50170
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcmasp_xmit() function in drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100056
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100147
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100127
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50191
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50192
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100150
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100139
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50205
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100141
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50208
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100148
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50209
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100193
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50216
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the xfs_filestream_pick_ag() and !() functions in fs/xfs/xfs_filestream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100165
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50217
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_close_one_device() function in fs/btrfs/volumes.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100174
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50223
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100188
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100184
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50234
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100162
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100197
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50241
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50248
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100180
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50255
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __hci_cmd_sync_sk() and __hci_cmd_sync_status_sk() functions in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100189
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50258
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the NLA_POLICY_MIN() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50262
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100610
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100649
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50269
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100628
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50271
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dec_rlimit_put_ucounts() and inc_rlimit_get_ucounts() functions in kernel/ucount.c, within the __sigqueue_alloc() function in kernel/signal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100640
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50272
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the filemap_read() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100623
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50273
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100644
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50275
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sve_init_regs() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100632
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50276
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mse102x_tx_frame_spi() function in drivers/net/ethernet/vertexcom/mse102x.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100615
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50283
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100634
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50284
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __rpc_method() and ksmbd_session_rpc_open() functions in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100652
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50289
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100630
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50294
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_connect_client_calls() and rxrpc_disconnect_client_call() functions in net/rxrpc/conn_client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100627
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50298
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the enetc_sriov_configure(), enetc_pf_probe(), free_netdev() and enetc_pf_remove() functions in drivers/net/ethernet/freescale/enetc/enetc_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100631
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50299
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100747
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53043
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_i2c_header_create() function in drivers/net/mctp/mctp-i2c.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100743
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53046
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/arm64/boot/dts/freescale/imx8ulp.dtsi. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100719
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_init_sock() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100720
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53052
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100734
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53055
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100733
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100741
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53063
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100730
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53066
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100702
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_gts_build_avail_scale_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100731
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53083
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the qcom_pmic_typec_pdphy_pd_transmit_payload() function in drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100726
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53085
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tpm_pm_suspend() and tpm_get_random() functions in drivers/char/tpm/tpm-interface.c, within the tpm_hwrng_read() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100832
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53089
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_create() function in arch/loongarch/kvm/vcpu.c, within the _kvm_save_timer() function in arch/loongarch/kvm/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6642
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10044
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-57.0.0.59
python3-perf: before 6.6.0-57.0.0.59
perf-debuginfo: before 6.6.0-57.0.0.59
perf: before 6.6.0-57.0.0.59
kernel-tools-devel: before 6.6.0-57.0.0.59
kernel-tools-debuginfo: before 6.6.0-57.0.0.59
kernel-tools: before 6.6.0-57.0.0.59
kernel-source: before 6.6.0-57.0.0.59
kernel-headers: before 6.6.0-57.0.0.59
kernel-devel: before 6.6.0-57.0.0.59
kernel-debugsource: before 6.6.0-57.0.0.59
kernel-debuginfo: before 6.6.0-57.0.0.59
bpftool-debuginfo: before 6.6.0-57.0.0.59
bpftool: before 6.6.0-57.0.0.59
kernel: before 6.6.0-57.0.0.59
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.