openEuler 22.03 LTS update for kernel
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU91437
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52685
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU91606
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52694
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the tpd12s015_probe() function in drivers/gpu/drm/bridge/ti-tpd12s015.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU91607
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU90432
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52817
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU90080
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52837
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU91308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52867
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90084
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52879
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the apply_event_filter() function in kernel/trace/trace_events_filter.c, within the remove_subsystem(), event_enable_read(), event_enable_write(), event_filter_read() and trace_create_new_event() functions in kernel/trace/trace_events.c, within the register_event_command() function in kernel/trace/trace.h, within the tracing_open_file_tr() and tracing_release_file_tr() functions in kernel/trace/trace.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU91460
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26950
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90186
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26961
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU90465
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU91450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27000
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU91095
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27008
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU91310
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27045
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU91608
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27389
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU91609
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35845
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Information disclosure
EUVDB-ID: #VU91345
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35849
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Memory leak
EUVDB-ID: #VU89976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35930
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
kernel-tools-debuginfo: before 5.10.0-60.139.0.166
kernel-devel: before 5.10.0-60.139.0.166
kernel-headers: before 5.10.0-60.139.0.166
kernel-debuginfo: before 5.10.0-60.139.0.166
kernel-tools: before 5.10.0-60.139.0.166
python3-perf: before 5.10.0-60.139.0.166
python3-perf-debuginfo: before 5.10.0-60.139.0.166
kernel-debugsource: before 5.10.0-60.139.0.166
perf: before 5.10.0-60.139.0.166
kernel-tools-devel: before 5.10.0-60.139.0.166
perf-debuginfo: before 5.10.0-60.139.0.166
bpftool: before 5.10.0-60.139.0.166
bpftool-debuginfo: before 5.10.0-60.139.0.166
kernel-source: before 5.10.0-60.139.0.166
kernel: before 5.10.0-60.139.0.166
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1679
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
