openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 35
CVE-ID CVE-2021-47432
CVE-2021-47622
CVE-2022-48814
CVE-2022-48816
CVE-2022-48844
CVE-2023-52757
CVE-2023-52781
CVE-2024-36939
CVE-2024-38559
CVE-2024-38568
CVE-2024-38578
CVE-2024-38589
CVE-2024-38618
CVE-2024-38619
CVE-2024-39469
CVE-2024-39472
CVE-2024-39494
CVE-2024-39499
CVE-2024-39505
CVE-2024-40904
CVE-2024-40905
CVE-2024-40912
CVE-2024-40929
CVE-2024-40932
CVE-2024-40941
CVE-2024-40943
CVE-2024-40968
CVE-2024-40974
CVE-2024-40983
CVE-2024-40984
CVE-2024-40987
CVE-2024-41004
CVE-2024-41005
CVE-2024-41007
CVE-2024-41009
CWE-ID CWE-190
CWE-667
CWE-399
CWE-401
CWE-416
CWE-682
CWE-388
CWE-125
CWE-20
CWE-908
CWE-476
CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 35 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU91179

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47432

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the __genradix_iter_peek() function in lib/generic-radix-tree.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU94457

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47622

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), ufshcd_hba_capabilities(), ufshcd_wait_for_dev_cmd(), ufshcd_exec_dev_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_init() functions in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU94474

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48814

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vsc9953_mdio_bus_alloc() and vsc9953_mdio_bus_free() functions in drivers/net/dsa/ocelot/seville_vsc9953.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU94452

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48816

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xs_get_srcport() function in net/sunrpc/xprtsock.c, within the rpc_sysfs_xprt_srcaddr_show() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU94400

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48844

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hci_release_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90069

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52757

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Incorrect calculation

EUVDB-ID: #VU93611

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52781

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper error handling

EUVDB-ID: #VU92054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36939

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU92325

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38568

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU94259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39505

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU94257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU94265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU94508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.86.0.167

python3-perf: before 5.10.0-136.86.0.167

perf-debuginfo: before 5.10.0-136.86.0.167

perf: before 5.10.0-136.86.0.167

kernel-tools-devel: before 5.10.0-136.86.0.167

kernel-tools-debuginfo: before 5.10.0-136.86.0.167

kernel-tools: before 5.10.0-136.86.0.167

kernel-source: before 5.10.0-136.86.0.167

kernel-headers: before 5.10.0-136.86.0.167

kernel-devel: before 5.10.0-136.86.0.167

kernel-debugsource: before 5.10.0-136.86.0.167

kernel-debuginfo: before 5.10.0-136.86.0.167

kernel: before 5.10.0-136.86.0.167

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1896


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###