openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU92339
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47612
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU94408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU94424
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU94415
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48838
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_gadget_remove_driver(), udc_bind_to_driver() and dev_err() functions in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU94464
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48855
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_msg_sctpasoc_fill() and inet_sctp_diag_fill() functions in net/sctp/sctp_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU94396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48856
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gfar_get_ts_info() function in drivers/net/ethernet/freescale/gianfar_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU94438
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_enable_bearer() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU92365
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU94086
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39493
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU94223
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU94201
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU94283
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40904
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU94282
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU94234
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU94204
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40932
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU94315
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40941
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper locking
EUVDB-ID: #VU94278
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU94319
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Buffer overflow
EUVDB-ID: #VU94301
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40974
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU94239
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU94307
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40987
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU94264
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41005
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU94345
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41007
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2407.5.0.0287
python3-perf: before 4.19.90-2407.5.0.0287
python2-perf-debuginfo: before 4.19.90-2407.5.0.0287
python2-perf: before 4.19.90-2407.5.0.0287
perf-debuginfo: before 4.19.90-2407.5.0.0287
perf: before 4.19.90-2407.5.0.0287
kernel-tools-devel: before 4.19.90-2407.5.0.0287
kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287
kernel-tools: before 4.19.90-2407.5.0.0287
kernel-source: before 4.19.90-2407.5.0.0287
kernel-devel: before 4.19.90-2407.5.0.0287
kernel-debugsource: before 4.19.90-2407.5.0.0287
kernel-debuginfo: before 4.19.90-2407.5.0.0287
bpftool-debuginfo: before 4.19.90-2407.5.0.0287
bpftool: before 4.19.90-2407.5.0.0287
kernel: before 4.19.90-2407.5.0.0287
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
