openEuler 20.03 LTS SP1 update for kernel
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90257
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46929
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_transport_lookup_process() and sctp_transport_get_idx() functions in net/sctp/socket.c, within the sctp_sock_dump() and sctp_sock_filter() functions in net/sctp/sctp_diag.c, within the sctp_endpoint_free() and sctp_endpoint_destroy() functions in net/sctp/endpointola.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU88892
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU88893
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46966
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cm_write() function in drivers/acpi/custom_method.c. A local user can trigger a use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Double Free
EUVDB-ID: #VU89391
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47082
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in drivers/net/tun.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90226
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47123
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_link_timeout_fn() function in fs/io_uring.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU89395
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU92971
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU93156
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU89394
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47211
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU91648
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47216
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90584
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Race condition
EUVDB-ID: #VU91484
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU91314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU90880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU90859
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Access of Uninitialized Pointer
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Incorrect calculation
EUVDB-ID: #VU89392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26752
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
