openEuler 22.03 LTS SP3 update for kernel
Security Bulletin
This security bulletin contains information about 18 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU90279
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52755
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/ksmbd/smbacl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU93125
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34027
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU93029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36478
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU92331
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38540
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU92309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU93134
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU93048
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38605
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU93020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93827
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU93889
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU94262
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39500
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_close() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU94261
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39502
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU94293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40931
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU94205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40934
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU94323
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40971
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-219.0.0.122
python3-perf: before 5.10.0-219.0.0.122
perf-debuginfo: before 5.10.0-219.0.0.122
perf: before 5.10.0-219.0.0.122
kernel-tools-devel: before 5.10.0-219.0.0.122
kernel-tools-debuginfo: before 5.10.0-219.0.0.122
kernel-tools: before 5.10.0-219.0.0.122
kernel-source: before 5.10.0-219.0.0.122
kernel-headers: before 5.10.0-219.0.0.122
kernel-devel: before 5.10.0-219.0.0.122
kernel-debugsource: before 5.10.0-219.0.0.122
kernel-debuginfo: before 5.10.0-219.0.0.122
kernel: before 5.10.0-219.0.0.122
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1861
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
