openEuler 24.03 LTS update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 42
CVE-ID CVE-2024-34030
CVE-2024-36014
CVE-2024-36016
CVE-2024-36031
CVE-2024-36881
CVE-2024-36939
CVE-2024-36979
CVE-2024-38559
CVE-2024-38578
CVE-2024-38589
CVE-2024-38618
CVE-2024-38619
CVE-2024-39463
CVE-2024-39469
CVE-2024-39472
CVE-2024-39485
CVE-2024-39494
CVE-2024-39499
CVE-2024-39505
CVE-2024-40912
CVE-2024-40916
CVE-2024-40918
CVE-2024-40923
CVE-2024-40929
CVE-2024-40932
CVE-2024-40936
CVE-2024-40941
CVE-2024-40943
CVE-2024-40951
CVE-2024-40952
CVE-2024-40957
CVE-2024-40968
CVE-2024-40974
CVE-2024-40975
CVE-2024-40977
CVE-2024-40983
CVE-2024-40984
CVE-2024-40987
CVE-2024-41004
CVE-2024-41005
CVE-2024-41007
CVE-2024-41009
CWE-ID CWE-476
CWE-787
CWE-20
CWE-388
CWE-416
CWE-125
CWE-667
CWE-908
CWE-401
CWE-119
CWE-399
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 42 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU93121

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34030

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_pci_prop_intr_map() function in drivers/pci/of_property.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU89897

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36014

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU89898

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36016

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU94121

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU90847

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the userfaultfd_release() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper error handling

EUVDB-ID: #VU92054

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36939

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU92305

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU93322

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39463

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU93826

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39485

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __v4l2_async_nf_unregister() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU94259

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39505

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU94281

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40916

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU94280

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40918

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the PTR_PAGE_ALIGN_DOWN(), __flush_cache_page(), flush_icache_pages(), pte_needs_flush(), flush_dcache_folio(), purge_kernel_dcache_page_asm(), copy_user_highpage(), __flush_tlb_range(), flush_cache_range(), flush_anon_page() and invalidate_kernel_vmap_range() functions in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper error handling

EUVDB-ID: #VU94290

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40923

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU94206

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40936

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the devm_cxl_add_region() and __create_region() functions in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU94249

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40951

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_fill_super() function in fs/ocfs2/super.c, within the to_ocfs2_trigger(), ocfs2_db_frozen_trigger() and __ocfs2_journal_access() functions in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU94248

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40952

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_dirty() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU94247

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU94306

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40975

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the x86_android_tablet_remove() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU94271

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40977

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mt76s_tx_status_data() function in drivers/net/wireless/mediatek/mt76/sdio.c, within the mt7921s_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c, within the mt7921e_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c, within the mt7921_mac_reset_work() function in drivers/net/wireless/mediatek/mt76/mt7921/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU94265

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU94508

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-35.0.0.43

python3-perf: before 6.6.0-35.0.0.43

perf-debuginfo: before 6.6.0-35.0.0.43

perf: before 6.6.0-35.0.0.43

kernel-tools-devel: before 6.6.0-35.0.0.43

kernel-tools-debuginfo: before 6.6.0-35.0.0.43

kernel-tools: before 6.6.0-35.0.0.43

kernel-source: before 6.6.0-35.0.0.43

kernel-headers: before 6.6.0-35.0.0.43

kernel-devel: before 6.6.0-35.0.0.43

kernel-debugsource: before 6.6.0-35.0.0.43

kernel-debuginfo: before 6.6.0-35.0.0.43

bpftool-debuginfo: before 6.6.0-35.0.0.43

bpftool: before 6.6.0-35.0.0.43

kernel: before 6.6.0-35.0.0.43

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###