openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU94442
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48795
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sba_unmap_sg() function in drivers/parisc/sba_iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU96334
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU96408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48924
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the int3400_notify() function in drivers/thermal/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU96400
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48928
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the men_z188_probe() function in drivers/iio/adc/men_z188_adc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU96433
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shadow_page_table_clear_flood() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU96349
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU96346
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_free_dev() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU96344
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52900
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __nilfs_btree_get_block() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU94983
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42153
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU96139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper error handling
EUVDB-ID: #VU96165
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42297
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2408.5.0.0292
python3-perf: before 4.19.90-2408.5.0.0292
python2-perf-debuginfo: before 4.19.90-2408.5.0.0292
python2-perf: before 4.19.90-2408.5.0.0292
perf-debuginfo: before 4.19.90-2408.5.0.0292
perf: before 4.19.90-2408.5.0.0292
kernel-tools-devel: before 4.19.90-2408.5.0.0292
kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292
kernel-tools: before 4.19.90-2408.5.0.0292
kernel-source: before 4.19.90-2408.5.0.0292
kernel-devel: before 4.19.90-2408.5.0.0292
kernel-debugsource: before 4.19.90-2408.5.0.0292
kernel-debuginfo: before 4.19.90-2408.5.0.0292
bpftool-debuginfo: before 4.19.90-2408.5.0.0292
bpftool: before 4.19.90-2408.5.0.0292
kernel: before 4.19.90-2408.5.0.0292
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
