openEuler 24.03 LTS update for kernel
Security Bulletin
This security bulletin contains information about 33 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU93029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36478
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper error handling
EUVDB-ID: #VU93079
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36481
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the parse_btf_field() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU90267
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the crw_inject_write() function in drivers/s390/cio/cio_inject.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU94122
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36951
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the event_interrupt_wq_v9() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c, within the event_interrupt_wq_v11() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c, within the event_interrupt_wq_v10() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Infinite loop
EUVDB-ID: #VU93130
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38384
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __blkcg_rstat_flush() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU92309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU92310
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38581
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_mes_remove_ring() function in drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU93134
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper error handling
EUVDB-ID: #VU92940
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38614
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unhandled_exception() function in arch/openrisc/kernel/traps.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of obsolete function
EUVDB-ID: #VU94119
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38620
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to kernel contains obsolete support for HCI_AMP. A local user can abuse such support, which can lead to potential security issues.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU93020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU93333
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU93324
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39462
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clk_dvp_probe() function in drivers/clk/bcm/clk-bcm2711-dvp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU93330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39464
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v4l2_async_nf_init() and v4l2_async_subdev_nf_init() functions in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU93829
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39478
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the starfive_rsa_enc_core() function in drivers/crypto/starfive/jh7110-rsa.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU93819
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39479
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_hwmon_register() function in drivers/gpu/drm/i915/i915_hwmon.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Buffer overflow
EUVDB-ID: #VU93827
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU93889
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU94262
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39500
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_close() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU94261
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39502
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU94257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use of uninitialized resource
EUVDB-ID: #VU94293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40931
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory leak
EUVDB-ID: #VU94205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40934
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU94242
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_unbind() function in sound/pci/hda/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU94323
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40971
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Memory leak
EUVDB-ID: #VU94210
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40997
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-34.0.0.41
python3-perf: before 6.6.0-34.0.0.41
perf-debuginfo: before 6.6.0-34.0.0.41
perf: before 6.6.0-34.0.0.41
kernel-tools-devel: before 6.6.0-34.0.0.41
kernel-tools-debuginfo: before 6.6.0-34.0.0.41
kernel-tools: before 6.6.0-34.0.0.41
kernel-source: before 6.6.0-34.0.0.41
kernel-headers: before 6.6.0-34.0.0.41
kernel-devel: before 6.6.0-34.0.0.41
kernel-debugsource: before 6.6.0-34.0.0.41
kernel-debuginfo: before 6.6.0-34.0.0.41
bpftool-debuginfo: before 6.6.0-34.0.0.41
bpftool: before 6.6.0-34.0.0.41
kernel: before 6.6.0-34.0.0.41
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1863
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
