openEuler 20.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 77
CVE-ID CVE-2021-47269
CVE-2021-47284
CVE-2021-47335
CVE-2021-47393
CVE-2021-47455
CVE-2021-47473
CVE-2021-47497
CVE-2022-48695
CVE-2022-48697
CVE-2022-48702
CVE-2022-48704
CVE-2022-48710
CVE-2023-52650
CVE-2023-52652
CVE-2023-52653
CVE-2023-52656
CVE-2023-52683
CVE-2023-52691
CVE-2023-52698
CVE-2023-52813
CVE-2023-52817
CVE-2023-52818
CVE-2023-52835
CVE-2023-52840
CVE-2023-52847
CVE-2023-52867
CVE-2023-52868
CVE-2024-26955
CVE-2024-26956
CVE-2024-26957
CVE-2024-26958
CVE-2024-26960
CVE-2024-26961
CVE-2024-26965
CVE-2024-26966
CVE-2024-26969
CVE-2024-26974
CVE-2024-26976
CVE-2024-26981
CVE-2024-26982
CVE-2024-26993
CVE-2024-26994
CVE-2024-26996
CVE-2024-26999
CVE-2024-27000
CVE-2024-27001
CVE-2024-27008
CVE-2024-27010
CVE-2024-27011
CVE-2024-27024
CVE-2024-27028
CVE-2024-27037
CVE-2024-27046
CVE-2024-27051
CVE-2024-27054
CVE-2024-27059
CVE-2024-27062
CVE-2024-27072
CVE-2024-27073
CVE-2024-27075
CVE-2024-27077
CVE-2024-27078
CVE-2024-27388
CVE-2024-27403
CVE-2024-27419
CVE-2024-35805
CVE-2024-35806
CVE-2024-35815
CVE-2024-35835
CVE-2024-35886
CVE-2024-35898
CVE-2024-35922
CVE-2024-35930
CVE-2024-35936
CVE-2024-35950
CVE-2024-35976
CVE-2024-35997
CWE-ID CWE-476
CWE-665
CWE-416
CWE-125
CWE-401
CWE-667
CWE-200
CWE-477
CWE-190
CWE-415
CWE-399
CWE-119
CWE-388
CWE-362
CWE-20
CWE-682
CWE-369
CWE-121
CWE-191
CWE-366
CWE-835
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 77 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU90477

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Initialization

EUVDB-ID: #VU91550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47284

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU90129

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47335

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the init_f2fs_fs() and exit_f2fs_fs() functions in fs/f2fs/super.c, within the f2fs_recover_fsync_data() function in fs/f2fs/recovery.c, within the f2fs_destroy_garbage_collection_cache() function in fs/f2fs/f2fs.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU90302

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47393

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mlxreg_fan_set_cur_state() function in drivers/hwmon/mlxreg-fan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU89939

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47455

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ptp_clock_register() function in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU89941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47473

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in drivers/scsi/qla2xxx/qla_bsg.c. A local user can crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU90276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47497

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU90171

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48695

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU90172

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48697

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU90312

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48702

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_emu10k1_pcm_channel_alloc() function in sound/pci/emu10k1/emupcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU91520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48704

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU90411

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48710

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_fp_native_mode() function in drivers/gpu/drm/radeon/radeon_connectors.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU90517

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52650

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU91353

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52652

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU90459

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52653

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of obsolete function

EUVDB-ID: #VU93856

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52656

CWE-ID: CWE-477 - Use of Obsolete Function

Exploit availability: No

Description

The vulnerability allows a local user to have negative impact on system performance.

The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU91424

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52683

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Double free

EUVDB-ID: #VU90921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52691

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU89982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52698

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU91607

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52813

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU90432

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52817

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU90289

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52818

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/include/pptable.h, drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU91084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52835

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU91056

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52840

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU91054

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52847

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU91308

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52867

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU93616

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52868

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the thermal_zone_bind_cooling_device() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU93652

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26955

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU93155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26956

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU91062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU90183

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Race condition

EUVDB-ID: #VU91475

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26960

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU90186

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU91393

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26965

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU91394

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU91397

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90185

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU90774

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU90318

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26981

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU90857

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26982

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information disclosure

EUVDB-ID: #VU91355

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26993

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU93243

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26994

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU90184

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26996

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU91449

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26999

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU91450

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27000

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Resource management error

EUVDB-ID: #VU92969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

EUVDB-ID: #VU91095

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27008

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU90769

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27010

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qdisc_alloc() function in net/sched/sch_generic.c, within the qdisc_run_end() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Memory leak

EUVDB-ID: #VU90463

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27011

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU93841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27024

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU90555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU90523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27037

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU90519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27046

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU91501

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27051

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Incorrect calculation

EUVDB-ID: #VU93759

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27054

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Division by zero

EUVDB-ID: #VU91374

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27059

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Race condition

EUVDB-ID: #VU91471

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27062

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU90765

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27072

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory leak

EUVDB-ID: #VU90455

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27073

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Stack-based buffer overflow

EUVDB-ID: #VU91298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27075

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Memory leak

EUVDB-ID: #VU90451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27077

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Memory leak

EUVDB-ID: #VU90450

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Integer underflow

EUVDB-ID: #VU91669

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27403

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Race condition within a thread

EUVDB-ID: #VU91429

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27419

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU91519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU90755

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35806

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Resource management error

EUVDB-ID: #VU93271

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35815

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aio_setup_ring() and kiocb_set_cancel_fn() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Double free

EUVDB-ID: #VU90923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35835

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Infinite loop

EUVDB-ID: #VU91413

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35886

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Race condition within a thread

EUVDB-ID: #VU91427

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35898

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Division by zero

EUVDB-ID: #VU91372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35922

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Memory leak

EUVDB-ID: #VU89976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35930

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper error handling

EUVDB-ID: #VU90942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35936

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Out-of-bounds read

EUVDB-ID: #VU90305

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35976

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Infinite loop

EUVDB-ID: #VU91412

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35997

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

python2-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-devel: before 4.19.90-2405.5.0.0251

kernel-source: before 4.19.90-2405.5.0.0251

perf: before 4.19.90-2405.5.0.0251

python2-perf: before 4.19.90-2405.5.0.0251

bpftool-debuginfo: before 4.19.90-2405.5.0.0251

python3-perf: before 4.19.90-2405.5.0.0251

python3-perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debuginfo: before 4.19.90-2405.5.0.0251

kernel-tools-devel: before 4.19.90-2405.5.0.0251

bpftool: before 4.19.90-2405.5.0.0251

kernel-tools: before 4.19.90-2405.5.0.0251

kernel-tools-debuginfo: before 4.19.90-2405.5.0.0251

perf-debuginfo: before 4.19.90-2405.5.0.0251

kernel-debugsource: before 4.19.90-2405.5.0.0251

kernel: before 4.19.90-2405.5.0.0251

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1677


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###