openEuler 22.03 LTS SP3 update for kernel
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93211
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47014
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcf_ct_handle_fragments(), tcf_ct_act() and skb_push_rcsum() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU93164
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47036
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU87745
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU90657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU90884
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU90629
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU89254
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper validation of array index
EUVDB-ID: #VU88885
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52603
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU90342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Race condition
EUVDB-ID: #VU87602
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24855
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-193.0.0.106
kernel-devel: before 5.10.0-193.0.0.106
kernel-debuginfo: before 5.10.0-193.0.0.106
kernel-source: before 5.10.0-193.0.0.106
perf: before 5.10.0-193.0.0.106
kernel-tools-devel: before 5.10.0-193.0.0.106
kernel-tools-debuginfo: before 5.10.0-193.0.0.106
perf-debuginfo: before 5.10.0-193.0.0.106
kernel-debugsource: before 5.10.0-193.0.0.106
kernel-headers: before 5.10.0-193.0.0.106
python3-perf: before 5.10.0-193.0.0.106
kernel-tools: before 5.10.0-193.0.0.106
kernel: before 5.10.0-193.0.0.106
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1344
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
