openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 29 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90582
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47202
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU93043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33621
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU94213
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41006
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU94836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU94843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU94992
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU94943
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU95106
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU94971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU94966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU95067
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41097
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Resource management error
EUVDB-ID: #VU95068
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU95041
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42086
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU94988
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42090
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU95000
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42092
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the davinci_gpio_probe() function in drivers/gpio/gpio-davinci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU95040
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42094
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU95001
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42097
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU94937
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42104
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use of uninitialized resource
EUVDB-ID: #VU95024
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU94932
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper error handling
EUVDB-ID: #VU95015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.2.0.0289
python3-perf: before 4.19.90-2408.2.0.0289
python2-perf-debuginfo: before 4.19.90-2408.2.0.0289
python2-perf: before 4.19.90-2408.2.0.0289
perf-debuginfo: before 4.19.90-2408.2.0.0289
perf: before 4.19.90-2408.2.0.0289
kernel-tools-devel: before 4.19.90-2408.2.0.0289
kernel-tools-debuginfo: before 4.19.90-2408.2.0.0289
kernel-tools: before 4.19.90-2408.2.0.0289
kernel-source: before 4.19.90-2408.2.0.0289
kernel-devel: before 4.19.90-2408.2.0.0289
kernel-debugsource: before 4.19.90-2408.2.0.0289
kernel-debuginfo: before 4.19.90-2408.2.0.0289
bpftool-debuginfo: before 4.19.90-2408.2.0.0289
bpftool: before 4.19.90-2408.2.0.0289
kernel: before 4.19.90-2408.2.0.0289
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1963
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
