openEuler 22.03 LTS SP1 update for kernel
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU88935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU90262
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable assertion
EUVDB-ID: #VU93039
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU90850
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Initialization
EUVDB-ID: #VU91547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36900
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU90269
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36914
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Double free
EUVDB-ID: #VU95011
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Double free
EUVDB-ID: #VU95008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU94989
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41088
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU94997
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper error handling
EUVDB-ID: #VU95014
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42127
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.90.0.171
python3-perf: before 5.10.0-136.90.0.171
perf-debuginfo: before 5.10.0-136.90.0.171
perf: before 5.10.0-136.90.0.171
kernel-tools-devel: before 5.10.0-136.90.0.171
kernel-tools-debuginfo: before 5.10.0-136.90.0.171
kernel-tools: before 5.10.0-136.90.0.171
kernel-source: before 5.10.0-136.90.0.171
kernel-headers: before 5.10.0-136.90.0.171
kernel-devel: before 5.10.0-136.90.0.171
kernel-debugsource: before 5.10.0-136.90.0.171
kernel-debuginfo: before 5.10.0-136.90.0.171
kernel: before 5.10.0-136.90.0.171
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
