openEuler 20.03 LTS SP4 update for kernel



Published: 2024-07-02 | Updated: 2024-08-05
Risk: Critical
Patch available: YES
Number of vulnerabilities: 34
CVE-ID: CVE-2021-47231
CVE-2021-47232
CVE-2021-47252
CVE-2021-47288
CVE-2021-47346
CVE-2021-47347
CVE-2021-47434
CVE-2021-47466
CVE-2021-47469
CVE-2021-47493
CVE-2021-47500
CVE-2021-47521
CVE-2021-47565
CVE-2021-47597
CVE-2021-47609
CVE-2022-48737
CVE-2022-48755
CVE-2022-48756
CVE-2023-52670
CVE-2023-52739
CVE-2023-52834
CVE-2023-52853
CVE-2024-27436
CVE-2024-35830
CVE-2024-36894
CVE-2024-36941
CVE-2024-36950
CVE-2024-36971
CVE-2024-38538
CVE-2024-38541
CVE-2024-38552
CVE-2024-38588
CVE-2024-38596
CVE-2024-38607
CWE-ID: CWE-401
CWE-416
CWE-399
CWE-125
CWE-119
CWE-667
CWE-362
CWE-908
CWE-476
CWE-415
CWE-787
CWE-388
CWE-366
Exploitation vector: Local
Public exploit: Vulnerability #28 is being exploited in the wild.
Vulnerable software
openEuler
Operating systems & Components / Operating system

kernel-devel
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 34 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU89946

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47231

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90088

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the j1939_session_skb_drop_old(), j1939_session_skb_queue(), j1939_session_skb_find_by_offset(), j1939_session_tx_dat(), j1939_xtp_txnext_receiver(), j1939_simple_txnext(), j1939_session_completed() and j1939_xtp_rx_dat_one() functions in net/can/j1939/transport.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU93253

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47252

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU90297

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47288

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU90301

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47346

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tmc_update_etf_buffer() function in drivers/hwtracing/coresight/coresight-tmc-etf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU91309

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47347

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wl1251_cmd_scan() function in drivers/net/wireless/ti/wl1251/cmd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU93139

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU91619

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47466

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kmem_cache_open() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU90737

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47469

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU91465

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47493

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ocfs2_test_bg_bit_allocatable() function in fs/ocfs2/suballoc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90050

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47500

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU91052

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47521

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ems_pcmcia_add_card() function in drivers/net/can/sja1000/ems_pcmcia.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU93588

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the _scsih_ublock_io_device() function in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of uninitialized resource

EUVDB-ID: #VU92934

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47597

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU93303

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47609

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU92902

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48737

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU92978

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48755

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the EMIT() function in arch/powerpc/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU92915

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU89988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52670

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Double free

EUVDB-ID: #VU90889

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52739

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the free_the_page() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU93304

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52834

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU91229

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52853

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cp2112_gpio_irq_startup() and cp2112_probe() functions in drivers/hid/hid-cp2112.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds write

EUVDB-ID: #VU93594

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU90528

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36941

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper error handling

EUVDB-ID: #VU92055

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36950

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, and within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note: the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

29) Use of uninitialized resource

EUVDB-ID: #VU92373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38538

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU92312

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38588

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Race condition within a thread

EUVDB-ID: #VU92380

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU93181

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38607

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2406.4.0.0283

python3-perf: before 4.19.90-2406.4.0.0283

bpftool-debuginfo: before 4.19.90-2406.4.0.0283

kernel-tools: before 4.19.90-2406.4.0.0283

kernel-tools-devel: before 4.19.90-2406.4.0.0283

python3-perf-debuginfo: before 4.19.90-2406.4.0.0283

perf: before 4.19.90-2406.4.0.0283

python2-perf: before 4.19.90-2406.4.0.0283

kernel-debuginfo: before 4.19.90-2406.4.0.0283

kernel-source: before 4.19.90-2406.4.0.0283

kernel-tools-debuginfo: before 4.19.90-2406.4.0.0283

bpftool: before 4.19.90-2406.4.0.0283

python2-perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel-debugsource: before 4.19.90-2406.4.0.0283

perf-debuginfo: before 4.19.90-2406.4.0.0283

kernel: before 4.19.90-2406.4.0.0283

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1767


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


