openEuler 20.03 LTS SP4 update for kernel



Risk: Low

Patch available: YES

Number of vulnerabilities: 23

CVE-ID: CVE-2022-48795, CVE-2022-48899, CVE-2022-48924, CVE-2022-48928, CVE-2022-48943, CVE-2023-52893, CVE-2023-52898, CVE-2023-52900, CVE-2024-39501, CVE-2024-41015, CVE-2024-41068, CVE-2024-42153, CVE-2024-42265, CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-42285, CVE-2024-42289, CVE-2024-42297, CVE-2024-42305, CVE-2024-43861, CVE-2024-43879, CVE-2024-43882

CWE-ID: CWE-476, CWE-416, CWE-401, CWE-667, CWE-20, CWE-399, CWE-119, CWE-388

Exploitation vector: Local

Public exploit: N/A
Vulnerable software

openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo, python3-perf, python2-perf-debuginfo, python2-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel
Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU94442

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48795

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sba_unmap_sg() function in drivers/parisc/sba_iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU96334

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



3) Memory leak

EUVDB-ID: #VU96408

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48924

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the int3400_notify() function in drivers/thermal/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



4) Memory leak

EUVDB-ID: #VU96400

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48928

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the men_z188_probe() function in drivers/iio/adc/men_z188_adc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



5) Improper locking

EUVDB-ID: #VU96433

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shadow_page_table_clear_flood() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



6) NULL pointer dereference

EUVDB-ID: #VU96349

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52893

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



7) NULL pointer dereference

EUVDB-ID: #VU96346

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xhci_free_dev() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



8) NULL pointer dereference

EUVDB-ID: #VU96344

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52900

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __nilfs_btree_get_block() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



9) Improper locking

EUVDB-ID: #VU94277

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39501

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



10) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



11) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41068

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



12) Improper locking

EUVDB-ID: #VU94983

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42153

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



13) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



14) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



15) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



16) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

All packages listed under vulnerability 1: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079



17) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU96139

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU96165

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42305

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2408.5.0.0292

python3-perf: before 4.19.90-2408.5.0.0292

python2-perf-debuginfo: before 4.19.90-2408.5.0.0292

python2-perf: before 4.19.90-2408.5.0.0292

perf-debuginfo: before 4.19.90-2408.5.0.0292

perf: before 4.19.90-2408.5.0.0292

kernel-tools-devel: before 4.19.90-2408.5.0.0292

kernel-tools-debuginfo: before 4.19.90-2408.5.0.0292

kernel-tools: before 4.19.90-2408.5.0.0292

kernel-source: before 4.19.90-2408.5.0.0292

kernel-devel: before 4.19.90-2408.5.0.0292

kernel-debugsource: before 4.19.90-2408.5.0.0292

kernel-debuginfo: before 4.19.90-2408.5.0.0292

bpftool-debuginfo: before 4.19.90-2408.5.0.0292

bpftool: before 4.19.90-2408.5.0.0292

kernel: before 4.19.90-2408.5.0.0292

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


