openEuler 22.03 LTS SP3 update for kernel
Security Bulletin
This security bulletin contains information about 32 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU96437
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48920
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU96409
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48935
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nft_release_table() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU94085
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39490
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU94212
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41002
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU95099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU94961
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42122
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c, within the dcn321_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c, within the dcn32_hpo_dp_link_encoder_create() and dml1_validate() functions in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn314_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn31_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c, within the dcn30_validate_bandwidth() function in drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c, within the dcn32_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c, within the dcn3_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU96177
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42288
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper error handling
EUVDB-ID: #VU96165
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42297
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU96108
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42302
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU96136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42308
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_plane_get_status() function in drivers/gpu/drm/amd/display/dc/core/dc_surface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU96210
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42318
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hook_cred_prepare() and hook_cred_free() functions in security/landlock/cred.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU96130
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use of uninitialized resource
EUVDB-ID: #VU96169
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43828
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU96196
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU96118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43860
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU96293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43866
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-225.0.0.128
python3-perf: before 5.10.0-225.0.0.128
perf-debuginfo: before 5.10.0-225.0.0.128
perf: before 5.10.0-225.0.0.128
kernel-tools-devel: before 5.10.0-225.0.0.128
kernel-tools-debuginfo: before 5.10.0-225.0.0.128
kernel-tools: before 5.10.0-225.0.0.128
kernel-source: before 5.10.0-225.0.0.128
kernel-headers: before 5.10.0-225.0.0.128
kernel-devel: before 5.10.0-225.0.0.128
kernel-debugsource: before 5.10.0-225.0.0.128
kernel-debuginfo: before 5.10.0-225.0.0.128
kernel: before 5.10.0-225.0.0.128
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2078
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
