openEuler 20.03 LTS SP4 update for kernel



| Updated: 2024-08-05
Risk Critical
Patch available YES
Number of vulnerabilities 34
CVE-ID CVE-2021-47231
CVE-2021-47232
CVE-2021-47252
CVE-2021-47288
CVE-2021-47346
CVE-2021-47347
CVE-2021-47434
CVE-2021-47466
CVE-2021-47469
CVE-2021-47493
CVE-2021-47500
CVE-2021-47521
CVE-2021-47565
CVE-2021-47597
CVE-2021-47609
CVE-2022-48737
CVE-2022-48755
CVE-2022-48756
CVE-2023-52670
CVE-2023-52739
CVE-2023-52834
CVE-2023-52853
CVE-2024-27436
CVE-2024-35830
CVE-2024-36894
CVE-2024-36941
CVE-2024-36950
CVE-2024-36971
CVE-2024-38538
CVE-2024-38541
CVE-2024-38552
CVE-2024-38588
CVE-2024-38596
CVE-2024-38607
CWE-ID CWE-401
CWE-416
CWE-399
CWE-125
CWE-119
CWE-667
CWE-362
CWE-908
CWE-476
CWE-415
CWE-787
CWE-388
CWE-366
Exploitation vector Local
Public exploit Vulnerability #28 is being exploited in the wild.
Vulnerable software
 openEuler
Operating systems & Components / Operating system

kernel-devel
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 34 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU89946

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47231

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90088

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the j1939_session_skb_drop_old(), j1939_session_skb_queue(), j1939_session_skb_find_by_offset(), j1939_session_tx_dat(), j1939_xtp_txnext_receiver(), j1939_simple_txnext(), j1939_session_completed() and j1939_xtp_rx_dat_one() functions in net/can/j1939/transport.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU93253

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47252

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU90297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47288

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU90301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47346

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tmc_update_etf_buffer() function in drivers/hwtracing/coresight/coresight-tmc-etf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU91309

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47347

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wl1251_cmd_scan() function in drivers/net/wireless/ti/wl1251/cmd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU93139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU91619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47466

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kmem_cache_open() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU90737

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47469

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU91465

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47493

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ocfs2_test_bg_bit_allocatable() function in fs/ocfs2/suballoc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90050

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47500

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU91052

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47521

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ems_pcmcia_add_card() function in drivers/net/can/sja1000/ems_pcmcia.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU93588

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the _scsih_ublock_io_device() function in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of uninitialized resource

EUVDB-ID: #VU92934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47597

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU93303

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47609

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU92902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48737

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU92978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48755

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EMIT() function in arch/powerpc/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU92915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU89988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52670

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Double free

EUVDB-ID: #VU90889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52739

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the free_the_page() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU93304

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52834

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU91229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52853

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cp2112_gpio_irq_startup() and cp2112_probe() functions in drivers/hid/hid-cp2112.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds write

EUVDB-ID: #VU93594

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU90528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36941

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper error handling

EUVDB-ID: #VU92055

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36950

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

29) Use of uninitialized resource

EUVDB-ID: #VU92373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38538

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU92312

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38588

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Race condition within a thread

EUVDB-ID: #VU92380

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU93181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38607

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###