Risk | Low |
Patch available | YES |
Number of vulnerabilities | 38 |
CVE-ID | CVE-2022-48969 CVE-2023-52784 CVE-2023-52843 CVE-2023-52885 CVE-2024-46713 CVE-2024-47735 CVE-2024-47745 CVE-2024-47747 CVE-2024-47749 CVE-2024-49899 CVE-2024-49929 CVE-2024-49952 CVE-2024-50038 CVE-2024-50045 CVE-2024-50062 CVE-2024-50073 CVE-2024-50089 CVE-2024-50143 CVE-2024-50151 CVE-2024-50179 CVE-2024-50180 CVE-2024-50192 CVE-2024-50202 CVE-2024-50205 CVE-2024-50229 CVE-2024-50230 CVE-2024-50241 CVE-2024-50244 CVE-2024-50248 CVE-2024-50262 CVE-2024-50265 CVE-2024-50269 CVE-2024-50273 CVE-2024-50289 CVE-2024-53052 CVE-2024-53061 CVE-2024-53066 CVE-2016-10044 |
CWE-ID | CWE-399 CWE-388 CWE-908 CWE-416 CWE-667 CWE-20 CWE-476 CWE-119 CWE-125 CWE-191 CWE-401 CWE-404 CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 38 vulnerabilities.
EUVDB-ID: #VU99131
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48969
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90868
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52843
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94326
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97313
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99025
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47735
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99229
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47745
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98888
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99225
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49899
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98957
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99151
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99159
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50038
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99038
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99039
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99442
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99849
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50089
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50143
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100066
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50151
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100154
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100137
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50180
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50192
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100130
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50202
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50205
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100183
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50229
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100188
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100197
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50241
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100195
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50244
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50248
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50262
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100610
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100649
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50269
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100623
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50273
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100652
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50289
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100720
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53052
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100733
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100730
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53066
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6642
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10044
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.103.0.184
python3-perf: before 5.10.0-136.103.0.184
perf-debuginfo: before 5.10.0-136.103.0.184
perf: before 5.10.0-136.103.0.184
kernel-tools-devel: before 5.10.0-136.103.0.184
kernel-tools-debuginfo: before 5.10.0-136.103.0.184
kernel-tools: before 5.10.0-136.103.0.184
kernel-source: before 5.10.0-136.103.0.184
kernel-headers: before 5.10.0-136.103.0.184
kernel-devel: before 5.10.0-136.103.0.184
kernel-debugsource: before 5.10.0-136.103.0.184
kernel-debuginfo: before 5.10.0-136.103.0.184
kernel: before 5.10.0-136.103.0.184
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.