openEuler 20.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 46
CVE-ID CVE-2020-36783
CVE-2021-46984
CVE-2021-47054
CVE-2021-47056
CVE-2021-47060
CVE-2021-47061
CVE-2021-47063
CVE-2021-47071
CVE-2021-47074
CVE-2021-47077
CVE-2021-47078
CVE-2021-47101
CVE-2021-47131
CVE-2021-47142
CVE-2021-47143
CVE-2021-47144
CVE-2021-47145
CVE-2021-47146
CVE-2021-47153
CVE-2021-47159
CVE-2021-47160
CVE-2021-47161
CVE-2021-47162
CVE-2021-47163
CVE-2021-47167
CVE-2021-47170
CVE-2021-47171
CVE-2021-47173
CVE-2021-47180
CVE-2023-52464
CVE-2023-52475
CVE-2023-52500
CVE-2023-52507
CVE-2023-52510
CVE-2023-52515
CVE-2023-52522
CVE-2023-52530
CVE-2023-52566
CVE-2023-52578
CVE-2023-52583
CVE-2023-52587
CVE-2023-52594
CVE-2023-52595
CVE-2023-52597
CVE-2023-52598
CVE-2023-52622
CWE-ID CWE-200
CWE-125
CWE-401
CWE-908
CWE-476
CWE-416
CWE-388
CWE-667
CWE-835
CWE-362
CWE-20
CWE-119
CWE-787
CWE-399
CWE-254
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

kernel-devel
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 46 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU91405

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36783

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the img_i2c_xfer() and img_i2c_init() functions in drivers/i2c/busses/i2c-img-scb.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU90355

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46984

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dd_request_merge() function in block/mq-deadline.c, within the kyber_limit_depth() function in block/kyber-iosched.c, within the __blk_mq_sched_bio_merge() function in block/blk-mq-sched.c, within the bfq_remove_request() function in block/bfq-iosched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU91658

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47054

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qcom_ebi2_probe() function in drivers/bus/qcom-ebi2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of uninitialized resource

EUVDB-ID: #VU93084

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47056

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c62xvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU92997

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code on the target system.

The vulnerability exists due to a NULL pointer dereference error. A local privileged user can pass specially crafted data to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90244

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47061

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_io_bus_unregister_dev() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90243

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47063

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the panel_bridge_attach() function in drivers/gpu/drm/bridge/panel.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU90025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47071

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU90027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvme_loop_create_ctrl() function in drivers/nvme/target/loop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU90638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47077

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qedf_update_link_speed() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90242

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47078

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxe_qp_init_req(), rxe_qp_init_resp() and rxe_qp_from_init() functions in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use of uninitialized resource

EUVDB-ID: #VU90882

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90223

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47131

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tls_ctx_create() function in net/tls/tls_main.c, within the tls_validate_xmit_skb() function in net/tls/tls_device_fallback.c, within the tls_device_gc_task(), tls_device_rx_resync_new_rec(), tls_device_decrypted() and tls_device_down() functions in net/tls/tls_device.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90222

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47142

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_ttm_tt_unpopulate() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU90956

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47143

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the EXPORT_SYMBOL_GPL() and smcd_register_dev() functions in net/smc/smc_ism.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU91652

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47144

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the amdgpu_fbdev_destroy() function in drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper error handling

EUVDB-ID: #VU93654

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47145

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the link_to_fixup_dir() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU92048

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47146

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU92059

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47153

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Infinite loop

EUVDB-ID: #VU93069

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47159

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the dsa_master_get_strings() function in net/dsa/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU91651

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47160

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mt7530_port_set_vlan_aware() function in drivers/net/dsa/mt7530.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper error handling

EUVDB-ID: #VU90953

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47161

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dspi_probe() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU91064

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Race condition

EUVDB-ID: #VU93381

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47163

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the cleanup_bearer() and tipc_udp_disable() functions in net/tipc/udp_media.c, within the tipc_exit_net() function in net/tipc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU93691

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47167

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs_pageio_do_add_request() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU93401

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47170

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the proc_bulk() and proc_do_submiturb() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU90011

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU90013

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47173

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the uss720_probe() function in drivers/usb/misc/uss720.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU90012

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47180

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c, within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds write

EUVDB-ID: #VU88895

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52464

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU90247

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52475

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the powermate_disconnect() function in drivers/input/misc/powermate.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU91657

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52500

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU90350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52507

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU90235

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52510

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU90236

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52515

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource management error

EUVDB-ID: #VU89387

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52522

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can  perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90237

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52530

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c, within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU90238

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52566

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Race condition

EUVDB-ID: #VU89384

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52578

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU90802

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52583

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU91541

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52587

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU90343

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52594

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU90803

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52595

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Security features bypass

EUVDB-ID: #VU92172

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU93864

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52598

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-devel: before 4.19.90-2404.2.0.0273

kernel-tools: before 4.19.90-2404.2.0.0273

kernel-tools-debuginfo: before 4.19.90-2404.2.0.0273

python2-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debuginfo: before 4.19.90-2404.2.0.0273

kernel-debugsource: before 4.19.90-2404.2.0.0273

bpftool-debuginfo: before 4.19.90-2404.2.0.0273

python3-perf: before 4.19.90-2404.2.0.0273

python3-perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel-source: before 4.19.90-2404.2.0.0273

perf: before 4.19.90-2404.2.0.0273

python2-perf: before 4.19.90-2404.2.0.0273

kernel-tools-devel: before 4.19.90-2404.2.0.0273

bpftool: before 4.19.90-2404.2.0.0273

perf-debuginfo: before 4.19.90-2404.2.0.0273

kernel: before 4.19.90-2404.2.0.0273

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1484


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###