openEuler 22.03 LTS SP3 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 32
CVE-ID CVE-2022-48920
CVE-2022-48935
CVE-2024-36946
CVE-2024-38613
CVE-2024-39490
CVE-2024-41002
CVE-2024-41015
CVE-2024-41059
CVE-2024-41068
CVE-2024-42120
CVE-2024-42122
CVE-2024-42265
CVE-2024-42271
CVE-2024-42280
CVE-2024-42281
CVE-2024-42284
CVE-2024-42285
CVE-2024-42288
CVE-2024-42297
CVE-2024-42302
CVE-2024-42305
CVE-2024-42308
CVE-2024-42318
CVE-2024-43819
CVE-2024-43828
CVE-2024-43831
CVE-2024-43853
CVE-2024-43860
CVE-2024-43861
CVE-2024-43866
CVE-2024-43879
CVE-2024-43882
CWE-ID CWE-667
CWE-416
CWE-119
CWE-401
CWE-20
CWE-908
CWE-399
CWE-476
CWE-388
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 32 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU96437

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48920

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU96409

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nft_release_table() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU93469

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU92359

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38613

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU94085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39490

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU94212

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41002

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of uninitialized resource

EUVDB-ID: #VU95033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41059

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41068

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU95099

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU94961

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42122

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c, within the dcn321_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c, within the dcn32_hpo_dp_link_encoder_create() and dml1_validate() functions in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn314_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn31_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c, within the dcn30_validate_bandwidth() function in drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c, within the dcn32_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c, within the dcn3_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU96165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU96108

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42305

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU96136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42308

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_plane_get_status() function in drivers/gpu/drm/amd/display/dc/core/dc_surface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU96210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42318

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU96130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use of uninitialized resource

EUVDB-ID: #VU96169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43828

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU96196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU96104

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU96118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU96293

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-225.0.0.128

python3-perf: before 5.10.0-225.0.0.128

perf-debuginfo: before 5.10.0-225.0.0.128

perf: before 5.10.0-225.0.0.128

kernel-tools-devel: before 5.10.0-225.0.0.128

kernel-tools-debuginfo: before 5.10.0-225.0.0.128

kernel-tools: before 5.10.0-225.0.0.128

kernel-source: before 5.10.0-225.0.0.128

kernel-headers: before 5.10.0-225.0.0.128

kernel-devel: before 5.10.0-225.0.0.128

kernel-debugsource: before 5.10.0-225.0.0.128

kernel-debuginfo: before 5.10.0-225.0.0.128

kernel: before 5.10.0-225.0.0.128

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###