Multiple vulnerabilities in Dell Cloud Tiering Appliance
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 49 |
| CVE-ID | CVE-2024-46695 CVE-2024-43882 CVE-2024-43883 CVE-2024-44947 CVE-2022-48911 CVE-2022-48945 CVE-2024-36971 CVE-2024-41087 CVE-2024-44946 CVE-2024-45003 CVE-2024-45021 CVE-2024-46774 CVE-2024-42271 CVE-2024-6345 CVE-2024-31145 CVE-2024-31146 CVE-2024-6923 CVE-2024-7592 CVE-2023-31315 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVE-2024-43861 CVE-2024-42232 CVE-2022-48853 CVE-2024-5535 CVE-2023-50782 CVE-2024-7348 CVE-2022-0854 CVE-2022-20368 CVE-2022-48686 CVE-2022-48791 CVE-2022-48802 CVE-2022-48805 CVE-2022-48839 CVE-2022-48872 CVE-2024-42077 CVE-2022-48873 CVE-2022-48901 CVE-2022-48912 CVE-2022-48919 CVE-2022-48925 CVE-2023-52854 CVE-2024-26583 CVE-2024-26584 CVE-2024-26800 CVE-2024-41011 CVE-2024-41062 |
| CWE-ID | CWE-667 CWE-20 CWE-401 CWE-416 CWE-119 CWE-415 CWE-665 CWE-94 CWE-388 CWE-399 CWE-77 CWE-400 CWE-264 CWE-125 CWE-203 CWE-367 CWE-362 CWE-476 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #4 is available. Vulnerability #7 is being exploited in the wild. Public exploit code for vulnerability #9 is available. |
| Vulnerable software |
EMC Cloud Tiering Appliance Other software / Other software solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 49 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU97268
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46695
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/459584258d47ec3cc6245a82e8a49c9d08eb8b57
https://git.kernel.org/stable/c/f71ec019257ba4f7ab198bd948c5902a207bad96
https://git.kernel.org/stable/c/76a0e79bc84f466999fa501fce5bf7a07641b8a7
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.49
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f
https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada
https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759
https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64
https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1
https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e
https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e
https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.106
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.47
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89
https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80
https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174
https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2
https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14
https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37
https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54
https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4
https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6
https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5
https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.321
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Use-after-free
EUVDB-ID: #VU96410
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48911
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_queue_entry_dup() function in net/netfilter/nfnetlink_queue.c, within the nf_queue_entry_release_refs(), nf_queue_entry_get_refs() and __nf_queue() functions in net/netfilter/nf_queue.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95
https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5
https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3
https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff
https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a
https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43
https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee
https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.270
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.305
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU97681
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48945
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/8c0ee15d9a102c732d0745566d254040085d5663
https://git.kernel.org/stable/c/5edc3604151919da8da0fb092b71d7dce07d848a
https://git.kernel.org/stable/c/9c7fba9503b826f0c061d136f8f0c9f953ed18b9
https://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6
https://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f
https://git.kernel.org/stable/c/ab54081a2843aefb837812fac5488cc8f1696142
https://git.kernel.org/stable/c/ccb5392c4fea0e7d9f7ab35567e839d74cb3998b
https://git.kernel.org/stable/c/2f558c5208b0f70c8140e08ce09fcc84da48e789
https://git.kernel.org/stable/c/94a7ad9283464b75b12516c5512541d467cefcf8
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU91597
Risk: Critical
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2024-36971
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
8) Double free
EUVDB-ID: #VU95008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2
https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f
https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe
https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047
https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5
https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3
https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76
https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849
https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da
https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23
https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.321
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Use-after-free
EUVDB-ID: #VU96843
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72
https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8
https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88
https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98
https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32
https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f
https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper Initialization
EUVDB-ID: #VU97184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8
https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b
https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227
https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7
https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c
https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61
https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.321
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU97563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46774
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8
https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.181
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876
https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84
https://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d
https://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.104
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.45
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Code Injection
EUVDB-ID: #VU95339
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6345
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper error handling
EUVDB-ID: #VU96006
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31145
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper error handling in x86 IOMMU identity mapping. A malicious guest can access memory regions related to other guests or the hypervisor.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://xenbits.xen.org/xsa/advisory-460.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU96007
Risk: Medium
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31146
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper management of shared resources when using PCI pass-through. A malicious guest can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://xenbits.xen.org/xsa/advisory-461.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Command Injection
EUVDB-ID: #VU95571
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6923
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of newlines for email headers when
serializing an email message. A remote attacker can inject arbitrary headers into serialized email messages.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://github.com/python/cpython/pull/122233
https://github.com/python/cpython/issues/121650
https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource exhaustion
EUVDB-ID: #VU96945
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-7592
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the 'http.cookies' standard library module when parsing cookies that contained backslashes for quoted characters in the cookie value. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://github.com/python/cpython/pull/123075
https://github.com/python/cpython/issues/123067
https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/
https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621
https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1
https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06
https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a
https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f
https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU96619
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31315
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper validation in a model specific register (MSR). A malicious application with ring0 access can modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU98647
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21208
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU98645
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21210
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU98648
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21217
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU98644
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21235
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.oracle.com/security-alerts/cpuoct2024.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662
https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4
https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5
https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f
https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446
https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384
https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882
https://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf
https://git.kernel.org/stable/c/63e5d035e3a7ab7412a008f202633c5e6a0a28ea
https://git.kernel.org/stable/c/34b76d1922e41da1fa73d43b764cddd82ac9733c
https://git.kernel.org/stable/c/20cf67dcb7db842f941eff1af6ee5e9dc41796d7
https://git.kernel.org/stable/c/2d33654d40a05afd91ab24c9a73ab512a0670a9a
https://git.kernel.org/stable/c/9525af1f58f67df387768770fcf6d6a8f23aee3d
https://git.kernel.org/stable/c/33d38c5da17f8db2d80e811b7829d2822c10625e
https://git.kernel.org/stable/c/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Memory leak
EUVDB-ID: #VU94397
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the Documentation/DMA-attributes.txt, include/linux/dma-mapping.h, lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753
https://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534
https://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192
https://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026
https://git.kernel.org/stable/c/d4d975e7921079f877f828099bb8260af335508f
https://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63
https://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e
https://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.281
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.245
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.320
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.189
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU93424
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.openssl.org/news/secadv/20240627.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Observable discrepancy
EUVDB-ID: #VU88199
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50782
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://access.redhat.com/security/cve/CVE-2023-50782
https://bugzilla.redhat.com/show_bug.cgi?id=2254432
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU95605
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-7348
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to a race condition when executing concurrent pg_dump sessions. A remote user with privileges to create and drop non-temporary objects can execute arbitrary SQL commands with the privileges of the role running pg_dump (which is often a superuser).
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://www.postgresql.org/support/security/CVE-2024-7348/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory leak
EUVDB-ID: #VU63427
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU67473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://source.android.com/security/bulletin/pixel/2022-08-01
https://android.googlesource.com/kernel/common/+/a0046956bf6fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU90175
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3
https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff
https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5
https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886
https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.143
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.213
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU94421
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819
https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366
https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61
https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper error handling
EUVDB-ID: #VU94460
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48802
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smaps_page_accumulate(), smaps_account(), smaps_pte_entry(), smaps_pmd_entry(), pte_to_pagemap_entry() and pagemap_pmd_range() functions in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/db3f3636e4aed2cba3e4e7897a053323f7a62249
https://git.kernel.org/stable/c/a8dd0cfa37792863b6c4bf9542975212a6715d49
https://git.kernel.org/stable/c/05d3f8045efa59457b323caf00bdb9273b7962fa
https://git.kernel.org/stable/c/24d7275ce2791829953ed4e72f68277ceb2571c6
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU94432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382
https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740
https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930
https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d
https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d
https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb
https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274
https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.268
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.303
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.180
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory leak
EUVDB-ID: #VU94392
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0
https://git.kernel.org/stable/c/b1e27cda1e3c12b705875bb7e247a97168580e33
https://git.kernel.org/stable/c/a33dd1e6693f80d805155b3f69c18c2f642915da
https://git.kernel.org/stable/c/268dcf1f7b3193bc446ec3d14e08a240e9561e4d
https://git.kernel.org/stable/c/70b7b3c055fd4a464da8da55ff4c1f84269f9b02
https://git.kernel.org/stable/c/a055f5f2841f7522b44a2b1eccb1951b4b03d51a
https://git.kernel.org/stable/c/ef591b35176029fdefea38e8388ffa371e18f4b2
https://git.kernel.org/stable/c/c700525fcc06b05adfea78039de02628af79e07a
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.236
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.308
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.108
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.31
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.187
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU96329
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_map_put() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/556dfdb226ce1e5231d8836159b23f8bb0395bf4
https://git.kernel.org/stable/c/b171d0d2cf1b8387c72c8d325c5d5746fa271e39
https://git.kernel.org/stable/c/61a0890cb95afec5c8a2f4a879de2b6220984ef1
https://git.kernel.org/stable/c/079c78c68714f7d8d58e66c477b0243b31806907
https://git.kernel.org/stable/c/96b328d119eca7563c1edcc4e1039a62e6370ecb
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.90
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.230
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU95068
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687
https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a
https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4
https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111
https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6
https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU96330
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48873
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_free_map(), fastrpc_buf_free() and fastrpc_device_release() functions in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/4b5c44e924a571d0ad07054de549624fbc04e4d7
https://git.kernel.org/stable/c/193cd853145b63e670bd73740250983af1475330
https://git.kernel.org/stable/c/1b7b7bb400dd13dcb03fc6e591bb7ca4664bbec8
https://git.kernel.org/stable/c/35ddd482345c43d9eec1f3406c0f20a95ed4054b
https://git.kernel.org/stable/c/5bb96c8f9268e2fdb0e5321cbc358ee5941efc15
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.90
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.230
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU96434
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48901
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/6599d5e8bd758d897fd2ef4dc388ae50278b1f7e
https://git.kernel.org/stable/c/5e70bc827b563caf22e1203428cc3719643de5aa
https://git.kernel.org/stable/c/b4be6aefa73c9a6899ef3ba9c5faaa8a66e333ef
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU96411
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48912
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_register_net_hook() function in net/netfilter/core.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/05f7927b25d2635e87267ff6c79db79fb46cf313
https://git.kernel.org/stable/c/bdd8fc1b826e6f23963f5bef3f7431c6188ec954
https://git.kernel.org/stable/c/49c24579cec41e32f13d57b337fd28fb208d4a5b
https://git.kernel.org/stable/c/8b0142c4143c1ca297dcf2c0cdd045d65dae2344
https://git.kernel.org/stable/c/bd61f192a339b1095dfd6d56073a5265934c2979
https://git.kernel.org/stable/c/5a8076e98dde17224dd47283b894a8b1dbe1bc72
https://git.kernel.org/stable/c/56763f12b0f02706576a088e85ef856deacc98a0
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.270
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU96413
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48919
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/da834d6c1147c7519a9e55b510a03b7055104749
https://git.kernel.org/stable/c/147a0e71ccf96df9fc8c2ac500829d8e423ef02c
https://git.kernel.org/stable/c/2fe0e281f7ad0a62259649764228227dd6b2561d
https://git.kernel.org/stable/c/e208668ef7ba23efcbf76a8200cab8deee501c4d
https://git.kernel.org/stable/c/df9db1a2af37f39ad1653c7b9b0d275d72d0bc67
https://git.kernel.org/stable/c/546d60859ecf13380fcabcbeace53a5971493a2b
https://git.kernel.org/stable/c/563431c1f3c8f2230e4a9c445fa23758742bc4f0
https://git.kernel.org/stable/c/3d6cc9898efdfb062efb74dc18cfc700e082f5d5
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.270
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.305
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU96414
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_bind_addr() function in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/5b1cef5798b4fd6e4fd5522e7b8a26248beeacaa
https://git.kernel.org/stable/c/00265efbd3e5705038c9492a434fda8cf960c8a2
https://git.kernel.org/stable/c/d350724795c7a48b05bf921d94699fbfecf7da0b
https://git.kernel.org/stable/c/22e9f71072fa605cbf033158db58e0790101928d
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.103
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU90083
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/41aad9d6953984d134fc50f631f24ef476875d4d
https://git.kernel.org/stable/c/0dd34a7ad395dbcf6ae60e48e9786050e25b9bc5
https://git.kernel.org/stable/c/c7c26d0ef5d20f00dbb2ae3befcabbe0efa77275
https://git.kernel.org/stable/c/1e901bcb8af19416b65f5063a4af7996e5a51d7f
https://git.kernel.org/stable/c/1734a79e951914f1db2c65e635012a35db1c674b
https://git.kernel.org/stable/c/7ddc21e317b360c3444de3023bcc83b85fabae2f
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.201
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.139
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.63
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Race condition
EUVDB-ID: #VU87596
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d
https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01
https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a
https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Error handling
EUVDB-ID: #VU89001
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3
https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754
https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694
https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU90210
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe
https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1
https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89
https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.21
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28
https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724
https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5
https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU94977
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsEMC Cloud Tiering Appliance: before 13.2.0.2.32
CPE2.3 External linkshttps://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf
https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6
https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629
https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.101
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.42
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
