Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
EUVDB-ID: #VU90089
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47235
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ec_bhf_remove() function in drivers/net/ethernet/ec_bhf.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93180
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48715
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92931
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48759
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93179
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37353
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92321
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38587
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92319
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38599
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93063
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92359
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93021
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38630
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93333
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93178
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39292
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the register_winch_irq() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.1.0.0284
python3-perf: before 4.19.90-2407.1.0.0284
python2-perf-debuginfo: before 4.19.90-2407.1.0.0284
python2-perf: before 4.19.90-2407.1.0.0284
perf-debuginfo: before 4.19.90-2407.1.0.0284
perf: before 4.19.90-2407.1.0.0284
kernel-tools-devel: before 4.19.90-2407.1.0.0284
kernel-tools-debuginfo: before 4.19.90-2407.1.0.0284
kernel-tools: before 4.19.90-2407.1.0.0284
kernel-source: before 4.19.90-2407.1.0.0284
kernel-devel: before 4.19.90-2407.1.0.0284
kernel-debugsource: before 4.19.90-2407.1.0.0284
kernel-debuginfo: before 4.19.90-2407.1.0.0284
bpftool-debuginfo: before 4.19.90-2407.1.0.0284
bpftool: before 4.19.90-2407.1.0.0284
kernel: before 4.19.90-2407.1.0.0284
External links:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1793
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.