CVE-2024-24891

low-risk
Published 2024-04-15

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10 Medium
LOCAL / LOW complexity

References (10)

https://gitee.com/openeuler/kernel/pulls/2810
https://gitee.com/src-openeuler/kernel/pulls/1320
https://gitee.com/src-openeuler/kernel/pulls/1321
https://gitee.com/src-openeuler/kernel/pulls/1322
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://gitee.com/openeuler/kernel/pulls/2810
https://gitee.com/src-openeuler/kernel/pulls/1320
https://gitee.com/src-openeuler/kernel/pulls/1321
https://gitee.com/src-openeuler/kernel/pulls/1322
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
25
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal