openEuler 22.03 LTS update for kernel
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU91400
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48655
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU87901
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper privilege management
EUVDB-ID: #VU93736
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52642
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the lirc_dev_exit() and rc_dev_get_from_fd() functions in drivers/media/rc/lirc_dev.c, within the lirc_prog_attach(), lirc_prog_detach() and lirc_prog_query() functions in drivers/media/rc/bpf-lirc.c. A local user can read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Double free
EUVDB-ID: #VU90897
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26792
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU90471
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU93404
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90576
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90193
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90577
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
bpftool-debuginfo: before 5.10.0-60.137.0.164
kernel-tools: before 5.10.0-60.137.0.164
kernel-tools-debuginfo: before 5.10.0-60.137.0.164
bpftool: before 5.10.0-60.137.0.164
perf: before 5.10.0-60.137.0.164
kernel-source: before 5.10.0-60.137.0.164
kernel-devel: before 5.10.0-60.137.0.164
perf-debuginfo: before 5.10.0-60.137.0.164
kernel-headers: before 5.10.0-60.137.0.164
kernel-tools-devel: before 5.10.0-60.137.0.164
kernel-debugsource: before 5.10.0-60.137.0.164
kernel-debuginfo: before 5.10.0-60.137.0.164
python3-perf-debuginfo: before 5.10.0-60.137.0.164
python3-perf: before 5.10.0-60.137.0.164
kernel: before 5.10.0-60.137.0.164
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1619
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
