openEuler 22.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33621
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU93172
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34777
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU93824
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39476
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU94250
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40945
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU94989
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41088
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU95014
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42127
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-224.0.0.123
python3-perf: before 5.10.0-224.0.0.123
perf-debuginfo: before 5.10.0-224.0.0.123
perf: before 5.10.0-224.0.0.123
kernel-tools-devel: before 5.10.0-224.0.0.123
kernel-tools-debuginfo: before 5.10.0-224.0.0.123
kernel-tools: before 5.10.0-224.0.0.123
kernel-source: before 5.10.0-224.0.0.123
kernel-headers: before 5.10.0-224.0.0.123
kernel-devel: before 5.10.0-224.0.0.123
kernel-debugsource: before 5.10.0-224.0.0.123
kernel-debuginfo: before 5.10.0-224.0.0.123
bpftool-debuginfo: before 5.10.0-224.0.0.123
bpftool: before 5.10.0-224.0.0.123
kernel: before 5.10.0-224.0.0.123
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2028
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
