Risk: Medium
Patch available: YES
Number of vulnerabilities: 19
CVE-ID: CVE-2024-25739, CVE-2024-26607, CVE-2024-26614, CVE-2024-26644, CVE-2024-26698, CVE-2024-26736, CVE-2024-26751, CVE-2024-26764, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777, CVE-2024-26778, CVE-2024-26788, CVE-2024-26810, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-27437, CVE-2022-3061
CWE-ID: CWE-754, CWE-476, CWE-399, CWE-667, CWE-362, CWE-119, CWE-835, CWE-369
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Operating systems & Components / Operating system: openEuler
Operating systems & Components / Operating system package or component: perf-debuginfo, perf, python3-perf, bpftool-debuginfo, kernel-tools-debuginfo, python3-perf-debuginfo, kernel-headers, kernel-tools, kernel-source, kernel-debuginfo, bpftool, kernel-devel, kernel-debugsource, kernel-tools-devel, kernel
Vendor: openEuler
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
EUVDB-ID: #VU92399
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25739
CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an improper check for unusual or exceptional conditions within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90640
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26607
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91320
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26614
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91535
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26644
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91482
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26698
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92007
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26736
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93671
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26751
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26764
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92041
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26772
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93787
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26773
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91377
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26777
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91378
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26778
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92972
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26788
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the fsl_qdma_probe() function in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26810
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91602
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26883
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91604
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26884
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89840
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26885
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93202
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27437
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68516
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3061
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through the ioctl() interface, trigger a divide by zero error and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS
perf-debuginfo: before 5.10.0-60.136.0.163
perf: before 5.10.0-60.136.0.163
python3-perf: before 5.10.0-60.136.0.163
bpftool-debuginfo: before 5.10.0-60.136.0.163
kernel-tools-debuginfo: before 5.10.0-60.136.0.163
python3-perf-debuginfo: before 5.10.0-60.136.0.163
kernel-headers: before 5.10.0-60.136.0.163
kernel-tools: before 5.10.0-60.136.0.163
kernel-source: before 5.10.0-60.136.0.163
kernel-debuginfo: before 5.10.0-60.136.0.163
bpftool: before 5.10.0-60.136.0.163
kernel-devel: before 5.10.0-60.136.0.163
kernel-debugsource: before 5.10.0-60.136.0.163
kernel-tools-devel: before 5.10.0-60.136.0.163
kernel: before 5.10.0-60.136.0.163
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1524
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.