openEuler 22.03 LTS SP3 update for kernel



| Updated: 2024-07-05
Risk Medium
Patch available YES
Number of vulnerabilities 67
CVE-ID CVE-2021-47265
CVE-2021-47356
CVE-2021-47370
CVE-2021-47427
CVE-2021-47489
CVE-2022-48689
CVE-2023-52654
CVE-2023-52669
CVE-2023-52677
CVE-2023-52696
CVE-2023-52699
CVE-2023-52750
CVE-2023-52752
CVE-2023-52753
CVE-2023-52756
CVE-2023-52759
CVE-2023-52774
CVE-2023-52789
CVE-2023-52795
CVE-2023-52796
CVE-2023-52798
CVE-2023-52799
CVE-2023-52800
CVE-2023-52802
CVE-2023-52814
CVE-2023-52819
CVE-2023-52826
CVE-2023-52831
CVE-2023-52832
CVE-2023-52836
CVE-2023-52838
CVE-2023-52864
CVE-2023-52865
CVE-2023-52871
CVE-2023-52875
CVE-2023-52878
CVE-2024-26833
CVE-2024-26877
CVE-2024-26934
CVE-2024-27020
CVE-2024-27399
CVE-2024-27401
CVE-2024-27413
CVE-2024-27415
CVE-2024-35789
CVE-2024-35808
CVE-2024-35822
CVE-2024-35823
CVE-2024-35840
CVE-2024-35855
CVE-2024-35877
CVE-2024-35900
CVE-2024-35904
CVE-2024-35925
CVE-2024-35939
CVE-2024-35950
CVE-2024-35956
CVE-2024-35958
CVE-2024-35960
CVE-2024-35978
CVE-2024-35989
CVE-2024-36000
CVE-2024-36004
CVE-2024-36007
CVE-2024-36015
CVE-2024-36940
CVE-2021-42327
CWE-ID CWE-20
CWE-416
CWE-399
CWE-125
CWE-366
CWE-476
CWE-667
CWE-388
CWE-119
CWE-617
CWE-415
CWE-190
CWE-401
CWE-682
CWE-369
CWE-200
CWE-665
CWE-252
CWE-787
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #67 is available.
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 67 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU93174

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90134

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47356

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU93266

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47370

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_sendmsg_frag() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU91057

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47427

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iscsi_eh_abort() function in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU91082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47489

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dp_phy_settings_write(), dp_phy_test_pattern_debugfs_write(), dp_dsc_passthrough_set(), trigger_hotplug(), dp_dsc_clock_en_write(), dp_dsc_slice_width_write(), dp_dsc_slice_height_write(), dp_dsc_bits_per_pixel_write() and dp_max_bpc_write() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition within a thread

EUVDB-ID: #VU91430

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48689

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the skb_frag_size_add() function in net/ipv4/tcp.c, within the __zerocopy_sg_from_iter() function in net/core/datagram.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU93257

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52654

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the scm_fp_copy() function in net/core/scm.c, within the io_finish_async() and io_sqe_files_register() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU91423

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52669

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU93679

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52677

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ALIGN() function in arch/riscv/kernel/vmlinux.lds.S, within the INIT_TEXT_SECTION() function in arch/riscv/kernel/vmlinux-xip.lds.S, within the is_kernel_exittext() and patch_map() functions in arch/riscv/kernel/patch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU90550

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52696

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the opal_powercap_init() function in arch/powerpc/platforms/powernv/opal-powercap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU90751

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52699

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper error handling

EUVDB-ID: #VU90935

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52750

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm64/Kconfig. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90068

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU91226

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52753

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU91307

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52756

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the include/linux/pwm.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Reachable Assertion

EUVDB-ID: #VU90905

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52759

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU91504

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52774

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU90421

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52789

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Double free

EUVDB-ID: #VU90888

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52795

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the vhost_vdpa_probe() function in drivers/vhost/vdpa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU91506

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52796

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU90075

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_wmi_pdev_dfs_radar_detected_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU90281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52799

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU90071

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU90536

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52802

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stm32_adc_probe() function in drivers/iio/adc/stm32-adc-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU90538

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52814

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU90288

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52819

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU90454

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52826

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tpg110_get_modes() function in drivers/gpu/drm/panel/panel-tpo-tpg110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU90934

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52831

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the cpu_down_maps_locked() function in kernel/cpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer overflow

EUVDB-ID: #VU91425

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52832

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU91505

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52836

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper error handling

EUVDB-ID: #VU90933

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52838

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the imsttfb_probe() function in drivers/video/fbdev/imsttfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU91198

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52864

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU90425

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52865

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU93143

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52871

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU90424

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52875

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU91083

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52878

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Memory leak

EUVDB-ID: #VU90004

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26833

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU93200

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26877

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU90776

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Race condition within a thread

EUVDB-ID: #VU91432

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU89673

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27399

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU89675

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27401

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU93470

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27413

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU91317

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27415

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU90754

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35808

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper locking

EUVDB-ID: #VU93464

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35822

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Buffer overflow

EUVDB-ID: #VU93153

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35823

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU93429

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35840

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU90163

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Memory leak

EUVDB-ID: #VU91638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35877

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU93461

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Division by zero

EUVDB-ID: #VU91373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35925

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Information disclosure

EUVDB-ID: #VU91344

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35939

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Information disclosure

EUVDB-ID: #VU91343

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35956

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Resource management error

EUVDB-ID: #VU93255

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper Initialization

EUVDB-ID: #VU93351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory leak

EUVDB-ID: #VU89973

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35978

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU93472

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35989

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Reachable Assertion

EUVDB-ID: #VU90907

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36000

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU93281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Incorrect calculation

EUVDB-ID: #VU93612

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36007

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Unchecked Return Value

EUVDB-ID: #VU89896

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36015

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds write

EUVDB-ID: #VU92411

Risk: Low

CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-42327

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to out-of-bounds write error. A local privileged user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-202.0.0.115

kernel-tools-devel: before 5.10.0-202.0.0.115

kernel-tools-debuginfo: before 5.10.0-202.0.0.115

python3-perf: before 5.10.0-202.0.0.115

kernel-debugsource: before 5.10.0-202.0.0.115

kernel-debuginfo: before 5.10.0-202.0.0.115

kernel-source: before 5.10.0-202.0.0.115

kernel-headers: before 5.10.0-202.0.0.115

kernel-tools: before 5.10.0-202.0.0.115

perf-debuginfo: before 5.10.0-202.0.0.115

kernel-devel: before 5.10.0-202.0.0.115

perf: before 5.10.0-202.0.0.115

kernel: before 5.10.0-202.0.0.115

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1694


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###