openEuler 20.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2021-47612
CVE-2022-48775
CVE-2022-48788
CVE-2022-48838
CVE-2022-48855
CVE-2022-48856
CVE-2022-48865
CVE-2024-38589
CVE-2024-39493
CVE-2024-39494
CVE-2024-39499
CVE-2024-40904
CVE-2024-40912
CVE-2024-40929
CVE-2024-40932
CVE-2024-40941
CVE-2024-40943
CVE-2024-40968
CVE-2024-40974
CVE-2024-40984
CVE-2024-40987
CVE-2024-41005
CVE-2024-41007
CWE-ID CWE-476
CWE-401
CWE-416
CWE-908
CWE-667
CWE-125
CWE-119
CWE-20
CWE-399
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU92339

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47612

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU94408

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48775

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU94424

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48788

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU94415

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48838

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb_gadget_remove_driver(), udc_bind_to_driver() and dev_err() functions in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of uninitialized resource

EUVDB-ID: #VU94464

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48855

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_diag_msg_sctpasoc_fill() and inet_sctp_diag_fill() functions in net/sctp/sctp_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU94396

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48856

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gfar_get_ts_info() function in drivers/net/ethernet/freescale/gianfar_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU94438

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48865

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_enable_bearer() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU94086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39493

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.5.0.0287

python3-perf: before 4.19.90-2407.5.0.0287

python2-perf-debuginfo: before 4.19.90-2407.5.0.0287

python2-perf: before 4.19.90-2407.5.0.0287

perf-debuginfo: before 4.19.90-2407.5.0.0287

perf: before 4.19.90-2407.5.0.0287

kernel-tools-devel: before 4.19.90-2407.5.0.0287

kernel-tools-debuginfo: before 4.19.90-2407.5.0.0287

kernel-tools: before 4.19.90-2407.5.0.0287

kernel-source: before 4.19.90-2407.5.0.0287

kernel-devel: before 4.19.90-2407.5.0.0287

kernel-debugsource: before 4.19.90-2407.5.0.0287

kernel-debuginfo: before 4.19.90-2407.5.0.0287

bpftool-debuginfo: before 4.19.90-2407.5.0.0287

bpftool: before 4.19.90-2407.5.0.0287

kernel: before 4.19.90-2407.5.0.0287

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1895


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###