Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
EUVDB-ID: #VU93592
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47090
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90233
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47100
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90016
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47121
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the cfusbl_create() and cfusbl_device_notify() functions in net/caif/caif_usb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90620
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47149
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90586
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47183
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92392
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47194
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93688
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47210
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tps6598x_block_read() function in drivers/usb/typec/tps6598x.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93668
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86580
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24860
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel Bluetooth device driver. A remote attacker with physical proximity to the device can send specially crafted packets to the system and crash the kernel.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89267
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91535
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93671
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26751
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93844
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26764
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92041
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26772
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93787
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26773
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91377
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26777
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91378
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26778
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26810
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91604
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c and within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93202
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27437
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68516
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3061
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through the ioctl() interface, trigger a divide-by-zero error and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1535
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.