Security Bulletin
This security bulletin contains information about 29 vulnerabilities.
EUVDB-ID: #VU92071
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47181
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93380
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47189
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90205
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47204
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92072
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47206
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94455
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48786
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94406
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94431
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94403
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48822
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94466
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94447
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94482
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48845
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the start_secondary() function in arch/mips/kernel/smp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94414
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48851
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx_complete() function in drivers/staging/gdm724x/gdm_lte.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94412
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52679
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, and within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92718
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22386
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition (concurrent execution using a shared resource with improper synchronization). A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37078
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92370
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38611
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93040
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93818
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39484
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94258
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94207
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40942
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94218
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94299
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40981
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94308
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40988
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94267
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS SP4
kernel-tools-devel: before 4.19.90-2408.1.0.0288
perf-debuginfo: before 4.19.90-2408.1.0.0288
bpftool: before 4.19.90-2408.1.0.0288
kernel-tools: before 4.19.90-2408.1.0.0288
python2-perf-debuginfo: before 4.19.90-2408.1.0.0288
python2-perf: before 4.19.90-2408.1.0.0288
perf: before 4.19.90-2408.1.0.0288
kernel-source: before 4.19.90-2408.1.0.0288
kernel-debugsource: before 4.19.90-2408.1.0.0288
python3-perf: before 4.19.90-2408.1.0.0288
kernel-devel: before 4.19.90-2408.1.0.0288
python3-perf-debuginfo: before 4.19.90-2408.1.0.0288
kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288
bpftool-debuginfo: before 4.19.90-2408.1.0.0288
kernel-debuginfo: before 4.19.90-2408.1.0.0288
kernel: before 4.19.90-2408.1.0.0288
CPE2.3
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.