openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU91403
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36778
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the xiic_xfer() and xiic_i2c_remove() functions in drivers/i2c/busses/i2c-xiic.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU91404
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36782
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the lpi2c_imx_master_enable() function in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU87992
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46906
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the hid_submit_ctrl() function in drivers/hid/usbhid/hid-core.c. A local user can force the driver to leak memory and perform denial of service attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, within the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, within the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, within the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU91545
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46941
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dwc3_set_prtcap(), __dwc3_set_mode() and dwc3_probe() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU88889
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46955
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ovs_fragment() function in net/openvswitch/actions.c when running openvswitch on kernels built with KASAN. A remote attacker can send specially crafted IPv4 packets to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU91070
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the enic_queue_wq_skb_encap(), enic_queue_wq_skb() and enic_hard_start_xmit() functions in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU93626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47006
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU91068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper error handling
EUVDB-ID: #VU92947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47015
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU90033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47024
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_transport_reset_no_sock(), virtio_transport_do_close() and virtio_transport_close() functions in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU91439
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47040
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the io_remove_buffers() and io_provide_buffers_prep() functions in fs/io_uring.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU90960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47049
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __vmbus_open() function in drivers/hv/channel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) State Issues
EUVDB-ID: #VU89260
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47086
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU90884
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU89254
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper validation of array index
EUVDB-ID: #VU88885
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52603
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU90342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Race condition
EUVDB-ID: #VU87602
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24855
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf: before 4.19.90-2403.4.0.0271
bpftool: before 4.19.90-2403.4.0.0271
kernel-source: before 4.19.90-2403.4.0.0271
python3-perf-debuginfo: before 4.19.90-2403.4.0.0271
perf: before 4.19.90-2403.4.0.0271
python2-perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-devel: before 4.19.90-2403.4.0.0271
perf-debuginfo: before 4.19.90-2403.4.0.0271
kernel-debugsource: before 4.19.90-2403.4.0.0271
bpftool-debuginfo: before 4.19.90-2403.4.0.0271
kernel-tools-debuginfo: before 4.19.90-2403.4.0.0271
python2-perf: before 4.19.90-2403.4.0.0271
kernel-devel: before 4.19.90-2403.4.0.0271
kernel-tools: before 4.19.90-2403.4.0.0271
kernel: before 4.19.90-2403.4.0.0271
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1346
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
