openEuler 24.03 LTS update for kernel



Published: 2024-08-09
Risk Low
Patch available YES
Number of vulnerabilities 78
CVE-ID CVE-2024-33619
CVE-2024-35247
CVE-2024-35848
CVE-2024-35859
CVE-2024-35966
CVE-2024-36890
CVE-2024-36896
CVE-2024-36899
CVE-2024-36901
CVE-2024-36944
CVE-2024-36964
CVE-2024-38556
CVE-2024-38576
CVE-2024-38600
CVE-2024-38606
CVE-2024-38607
CVE-2024-38617
CVE-2024-39471
CVE-2024-39473
CVE-2024-39475
CVE-2024-39481
CVE-2024-39486
CVE-2024-39493
CVE-2024-39496
CVE-2024-39503
CVE-2024-40900
CVE-2024-40906
CVE-2024-40908
CVE-2024-40913
CVE-2024-40920
CVE-2024-40921
CVE-2024-40922
CVE-2024-40935
CVE-2024-40953
CVE-2024-40962
CVE-2024-40967
CVE-2024-40981
CVE-2024-41006
CVE-2024-41010
CVE-2024-41013
CVE-2024-41014
CVE-2024-41018
CVE-2024-41019
CVE-2024-41020
CVE-2024-41021
CVE-2024-41023
CVE-2024-41039
CVE-2024-41040
CVE-2024-41041
CVE-2024-41044
CVE-2024-41045
CVE-2024-41048
CVE-2024-41049
CVE-2024-41056
CVE-2024-41062
CVE-2024-41063
CVE-2024-41064
CVE-2024-41069
CVE-2024-41072
CVE-2024-41073
CVE-2024-41074
CVE-2024-41075
CVE-2024-41076
CVE-2024-41077
CVE-2024-41080
CVE-2024-41085
CVE-2024-41090
CVE-2024-41091
CVE-2024-41096
CVE-2024-42068
CVE-2024-42086
CVE-2024-42097
CVE-2024-42115
CVE-2024-42126
CVE-2024-42129
CVE-2024-42155
CVE-2024-42162
CVE-2024-42228
CWE-ID CWE-908
CWE-476
CWE-119
CWE-401
CWE-125
CWE-399
CWE-416
CWE-667
CWE-269
CWE-369
CWE-20
CWE-388
CWE-415
CWE-682
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 78 vulnerabilities.

1) Use of uninitialized resource

EUVDB-ID: #VU93041

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the efi_free() function in drivers/firmware/efi/libstub/fdt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU93122

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35247

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU91199

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35848

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU91641

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35859

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bdev_open_by_dev() function in block/bdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU90306

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU93391

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36890

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the include/linux/slab.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU91455

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU90048

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU91224

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU91502

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36944

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qxl_fence_wait() function in drivers/gpu/drm/qxl/qxl_release.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper privilege management

EUVDB-ID: #VU93734

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36964

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU92329

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38556

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cmd_work_handler(), wait_func() and mlx5_cmd_invoke() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU92377

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38576

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kernel/rcu/tree_stall.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU92360

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38600

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU93402

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38606

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the validate_tl_data() and adf_tl_run() functions in drivers/crypto/intel/qat/qat_common/adf_telemetry.c, within the adf_gen4_init_tl_data() function in drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU93181

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38607

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU93802

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38617

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DEFINE_ALLOC_SIZE_TEST_PAIR() function in lib/fortify_kunit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU93326

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU93822

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39473

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sof_ipc4_get_input_pin_audio_fmt() function in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Division by zero

EUVDB-ID: #VU93828

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39475

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU93831

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39481

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the media_pipeline_explore_next_link() function in drivers/media/mc/mc-entity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU93834

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39486

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_file_update_pid() function in drivers/gpu/drm/drm_file.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Memory leak

EUVDB-ID: #VU94086

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39493

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU94231

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_zone_info() function in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU94230

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39503

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU94226

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_flush_reqs() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU94202

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40906

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlx5_function_teardown() function in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU94316

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __bpf_prog_test_run_raw_tp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU94214

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40913

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_req_put(), cachefiles_ondemand_restore(), cachefiles_ondemand_get_fd() and cachefiles_ondemand_daemon_read() functions in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU94221

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40920

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_mst_set_state() function in net/bridge/br_mst.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU94253

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the br_mst_get_state(), br_mst_set_state() and br_mst_vlan_sync_state() functions in net/bridge/br_mst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU94279

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40922

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_rsrc_ref_quiesce() function in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU94219

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_daemon_open() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU94236

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40953

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU94243

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40962

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU94274

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40967

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU94269

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40981

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Memory leak

EUVDB-ID: #VU94213

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41006

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU94507

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41010

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ingress_init(), ingress_destroy(), clsact_init() and clsact_destroy() functions in net/sched/sch_ingress.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU94835

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41013

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __xfs_dir3_data_check() function in fs/xfs/libxfs/xfs_dir2_data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU94836

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU94838

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41018

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the log_replay() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU94839

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41019

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU94996

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41020

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper error handling

EUVDB-ID: #VU95023

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41021

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fault_error_nolock() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU94924

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41023

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU95042

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41039

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cs_dsp_adsp1_parse_sizes(), cs_dsp_adsp2_parse_sizes(), cs_dsp_load() and cs_dsp_buf_free() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU94949

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41040

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU95069

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41041

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU95108

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41044

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU94948

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41045

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_timer_delete_work(), __bpf_async_init() and __bpf_spin_unlock_irqrestore() functions in kernel/bpf/helpers.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU95107

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cs_dsp_coeff_parse_alg() and cs_dsp_coeff_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU94977

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU94991

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41064

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU94943

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41069

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU95106

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41072

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Double free

EUVDB-ID: #VU95011

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41073

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper locking

EUVDB-ID: #VU95087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41074

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_ondemand_copen() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Input validation error

EUVDB-ID: #VU95004

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cachefiles_ondemand_fd_llseek(), cachefiles_ondemand_fd_ioctl() and cachefiles_ondemand_copen() functions in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Memory leak

EUVDB-ID: #VU94928

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU94976

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41077

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU94990

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU94972

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41085

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cxl_mem_probe() function in drivers/cxl/mem.c, within the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c, within the match_nvdimm_bridge() and cxlmd_release_nvdimm() functions in drivers/cxl/core/pmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU94941

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41096

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Incorrect calculation

EUVDB-ID: #VU95076

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42068

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU95041

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42086

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Input validation error

EUVDB-ID: #VU95001

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU94932

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU94997

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42126

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Resource management error

EUVDB-ID: #VU95059

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42129

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Input validation error

EUVDB-ID: #VU95092

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42155

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Incorrect calculation

EUVDB-ID: #VU95074

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42162

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use of uninitialized resource

EUVDB-ID: #VU95029

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42228

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-37.0.0.44

python3-perf: before 6.6.0-37.0.0.44

perf-debuginfo: before 6.6.0-37.0.0.44

perf: before 6.6.0-37.0.0.44

kernel-tools-devel: before 6.6.0-37.0.0.44

kernel-tools-debuginfo: before 6.6.0-37.0.0.44

kernel-tools: before 6.6.0-37.0.0.44

kernel-source: before 6.6.0-37.0.0.44

kernel-headers: before 6.6.0-37.0.0.44

kernel-devel: before 6.6.0-37.0.0.44

kernel-debugsource: before 6.6.0-37.0.0.44

kernel-debuginfo: before 6.6.0-37.0.0.44

bpftool-debuginfo: before 6.6.0-37.0.0.44

bpftool: before 6.6.0-37.0.0.44

kernel: before 6.6.0-37.0.0.44

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1960


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###