openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90583
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU88935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU90262
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU87499
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26602
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU91521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Reachable assertion
EUVDB-ID: #VU93039
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU90269
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36914
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU95078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.4.0.0291
python3-perf: before 4.19.90-2408.4.0.0291
python2-perf-debuginfo: before 4.19.90-2408.4.0.0291
python2-perf: before 4.19.90-2408.4.0.0291
perf-debuginfo: before 4.19.90-2408.4.0.0291
perf: before 4.19.90-2408.4.0.0291
kernel-tools-devel: before 4.19.90-2408.4.0.0291
kernel-tools-debuginfo: before 4.19.90-2408.4.0.0291
kernel-tools: before 4.19.90-2408.4.0.0291
kernel-source: before 4.19.90-2408.4.0.0291
kernel-devel: before 4.19.90-2408.4.0.0291
kernel-debugsource: before 4.19.90-2408.4.0.0291
kernel-debuginfo: before 4.19.90-2408.4.0.0291
bpftool-debuginfo: before 4.19.90-2408.4.0.0291
bpftool: before 4.19.90-2408.4.0.0291
kernel: before 4.19.90-2408.4.0.0291
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2030
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
