openEuler 22.03 LTS SP3 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 39
CVE-ID CVE-2021-47381
CVE-2021-47618
CVE-2022-48733
CVE-2022-48744
CVE-2022-48765
CVE-2022-48772
CVE-2023-52833
CVE-2024-31076
CVE-2024-35879
CVE-2024-35893
CVE-2024-35969
CVE-2024-35988
CVE-2024-36014
CVE-2024-36489
CVE-2024-37353
CVE-2024-37354
CVE-2024-38381
CVE-2024-38547
CVE-2024-38552
CVE-2024-38554
CVE-2024-38577
CVE-2024-38579
CVE-2024-38582
CVE-2024-38583
CVE-2024-38590
CVE-2024-38598
CVE-2024-38602
CVE-2024-38603
CVE-2024-38615
CVE-2024-38621
CVE-2024-38623
CVE-2024-38625
CVE-2024-38633
CVE-2024-38634
CVE-2024-38637
CVE-2024-38780
CVE-2024-39301
CVE-2024-39362
CVE-2024-39467
CWE-ID CWE-119
CWE-476
CWE-416
CWE-399
CWE-401
CWE-20
CWE-362
CWE-908
CWE-125
CWE-667
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 39 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU93502

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47381

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xtensa_stack() function in sound/soc/sof/xtensa/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU92918

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47618

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU92895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48733

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU92950

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48744

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU93276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48765

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU93327

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU90452

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52833

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btusb_mtk_hci_wmt_sync() function in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU93016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-31076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU89979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35879

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU93609

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU94125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35988

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU89897

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36014

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU93030

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36489

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU93179

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37353

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Race condition

EUVDB-ID: #VU93373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37354

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use of uninitialized resource

EUVDB-ID: #VU93042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38381

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU92350

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38547

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU92294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38554

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU92378

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38577

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU92953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38579

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU92366

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38582

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU92311

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38583

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU93087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38590

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU92320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU92296

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38602

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU92297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38603

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hns3_pmu_irq_register() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU94120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU93025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU93236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38623

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU93045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38625

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ntfs_get_block_vbo() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU93032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38633

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU93038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU93046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38637

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU93034

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use of uninitialized resource

EUVDB-ID: #VU93337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39301

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU93334

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39362

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i2c_acpi_find_client_by_adev() and i2c_acpi_notify() functions in drivers/i2c/i2c-core-acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU93325

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39467

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-218.0.0.121

python3-perf: before 5.10.0-218.0.0.121

perf-debuginfo: before 5.10.0-218.0.0.121

perf: before 5.10.0-218.0.0.121

kernel-tools-devel: before 5.10.0-218.0.0.121

kernel-tools-debuginfo: before 5.10.0-218.0.0.121

kernel-tools: before 5.10.0-218.0.0.121

kernel-source: before 5.10.0-218.0.0.121

kernel-headers: before 5.10.0-218.0.0.121

kernel-devel: before 5.10.0-218.0.0.121

kernel-debugsource: before 5.10.0-218.0.0.121

kernel-debuginfo: before 5.10.0-218.0.0.121

kernel: before 5.10.0-218.0.0.121

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1839


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###