openEuler 22.03 LTS SP3 update for kernel
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU88935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU90262
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU87499
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26602
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU91521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU91675
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36020
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU90850
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Initialization
EUVDB-ID: #VU91547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36900
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU90269
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36914
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU91321
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU94989
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41088
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper error handling
EUVDB-ID: #VU95014
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42127
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-224.0.0.127
python3-perf: before 5.10.0-224.0.0.127
perf-debuginfo: before 5.10.0-224.0.0.127
perf: before 5.10.0-224.0.0.127
kernel-tools-devel: before 5.10.0-224.0.0.127
kernel-tools-debuginfo: before 5.10.0-224.0.0.127
kernel-tools: before 5.10.0-224.0.0.127
kernel-source: before 5.10.0-224.0.0.127
kernel-headers: before 5.10.0-224.0.0.127
kernel-devel: before 5.10.0-224.0.0.127
kernel-debugsource: before 5.10.0-224.0.0.127
kernel-debuginfo: before 5.10.0-224.0.0.127
kernel: before 5.10.0-224.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2029
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
