Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 22 |
CVE-ID | CVE-2021-47391 CVE-2022-48721 CVE-2023-52743 CVE-2023-52755 CVE-2023-52833 CVE-2024-34027 CVE-2024-36478 CVE-2024-38540 CVE-2024-38558 CVE-2024-38570 CVE-2024-38586 CVE-2024-38598 CVE-2024-38605 CVE-2024-38615 CVE-2024-38632 CVE-2024-39480 CVE-2024-39487 CVE-2024-39488 CVE-2024-39489 CVE-2024-39500 CVE-2024-40931 CVE-2024-40971 |
CWE-ID | CWE-416 CWE-667 CWE-399 CWE-125 CWE-476 CWE-20 CWE-119 CWE-401 CWE-388 CWE-908 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
EUVDB-ID: #VU90141
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47391
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_cancel_operation() and rdma_resolve_addr() functions in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92924
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48721
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_stat_fallback(), smc_switch_to_fallback() and smc_clcsock_data_ready() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93184
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52743
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ice_module_init() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90279
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52755
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within fs/ksmbd/smbacl.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90452
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52833
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the btusb_mtk_hci_wmt_sync() function in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93125
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34027
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36478
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92331
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38540
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94117
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93134
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93048
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38605
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94120
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38615
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93827
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93889
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94262
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39500
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the sock_map_close() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40931
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94323
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40971
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.85.0.166
python3-perf: before 5.10.0-136.85.0.166
perf-debuginfo: before 5.10.0-136.85.0.166
perf: before 5.10.0-136.85.0.166
kernel-tools-devel: before 5.10.0-136.85.0.166
kernel-tools-debuginfo: before 5.10.0-136.85.0.166
kernel-tools: before 5.10.0-136.85.0.166
kernel-source: before 5.10.0-136.85.0.166
kernel-headers: before 5.10.0-136.85.0.166
kernel-devel: before 5.10.0-136.85.0.166
kernel-debugsource: before 5.10.0-136.85.0.166
kernel-debuginfo: before 5.10.0-136.85.0.166
kernel: before 5.10.0-136.85.0.166
CPE2.3
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1860
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.