openEuler 24.03 LTS update for kernel
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Improper error handling
EUVDB-ID: #VU90943
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35931
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_pci_slot_reset() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of uninitialized resource
EUVDB-ID: #VU90864
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36923
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU92349
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38548
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU93818
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39484
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU94229
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39508
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the WORKER_IDLE_TIMEOUT(), io_work_get_acct(), io_worker_exit(), io_wq_dec_running(), __io_worker_busy(), io_wq_worker(), io_wq_worker_running(), io_wq_worker_sleeping(), io_init_new_worker(), init_completion() and io_wq_work_match_item() functions in io_uring/io-wq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU94222
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40915
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU94245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU94318
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU94272
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40972
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_set_entry(), iput(), ext4_xattr_block_set() and ext4_xattr_ibody_set() functions in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU94270
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40980
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU94240
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
