openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 54
CVE-ID CVE-2021-47292
CVE-2021-47504
CVE-2021-47556
CVE-2022-48634
CVE-2022-48639
CVE-2022-48642
CVE-2022-48643
CVE-2022-48644
CVE-2022-48647
CVE-2022-48648
CVE-2022-48656
CVE-2022-48663
CVE-2022-48671
CVE-2022-48672
CVE-2022-48675
CVE-2022-48686
CVE-2022-48687
CVE-2022-48691
CVE-2022-48873
CVE-2022-48896
CVE-2022-48898
CVE-2022-48899
CVE-2022-48920
CVE-2022-48935
CVE-2023-52893
CVE-2023-52898
CVE-2023-52901
CVE-2023-52903
CVE-2024-22386
CVE-2024-36946
CVE-2024-38613
CVE-2024-39490
CVE-2024-41002
CVE-2024-41068
CVE-2024-42120
CVE-2024-42122
CVE-2024-42265
CVE-2024-42271
CVE-2024-42280
CVE-2024-42281
CVE-2024-42284
CVE-2024-42285
CVE-2024-42297
CVE-2024-42305
CVE-2024-42308
CVE-2024-43819
CVE-2024-43828
CVE-2024-43831
CVE-2024-43853
CVE-2024-43860
CVE-2024-43861
CVE-2024-43866
CVE-2024-43879
CVE-2024-43882
CWE-ID CWE-401
CWE-399
CWE-476
CWE-667
CWE-200
CWE-191
CWE-193
CWE-416
CWE-125
CWE-362
CWE-119
CWE-20
CWE-388
CWE-908
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 54 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU89954

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47292

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the io_init_wq_offload() function in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU93837

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47504

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the io_uring_drop_tctx_refs() and io_uring_cancel_generic() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU90530

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47556

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ethtool_set_coalesce() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU91451

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gma_crtc_page_flip() function in drivers/gpu/drm/gma500/gma_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU91361

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48639

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the net/sched/cls_api.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU89996

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48642

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer underflow

EUVDB-ID: #VU91670

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48643

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper locking

EUVDB-ID: #VU91452

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48644

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the taprio_enable_offload() and taprio_disable_offload() functions in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU90564

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48647

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_probe_interrupts() function in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU90566

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48648

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_hard_start_xmit() function in drivers/net/ethernet/sfc/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU91362

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48656

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the of_xudma_dev_get() function in drivers/dma/ti/k3-udma-private.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU90567

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gpio_mockup_init() function in drivers/gpio/gpio-mockup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU90763

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48671

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cgroup_attach_task_all() function in kernel/cgroup/cgroup-v1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Off-by-one

EUVDB-ID: #VU91174

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48672

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an off-by-one error within the unflatten_dt_nodes() function in drivers/of/fdt.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU90762

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48675

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mmput_async() function in kernel/fork.c, within the mutex_unlock() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU90175

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48686

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU90314

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48687

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU89990

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48691

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_basechain_init() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU96330

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48873

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fastrpc_free_map(), fastrpc_buf_free() and fastrpc_device_release() functions in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU96321

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48896

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii() functions in drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU96360

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48898

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dp_aux_isr() function in drivers/gpu/drm/msm/dp/dp_aux.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU96334

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU96437

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48920

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU96409

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nft_release_table() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU96349

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52893

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU96346

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_free_dev() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU96343

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_kill_endpoint_urbs() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU96361

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52903

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_iopoll_complete() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Concurrent execution using shared resource with improper synchronization ('race condition')

EUVDB-ID: #VU92718

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22386

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU93469

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU92359

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38613

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU94085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39490

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU94212

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41002

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41068

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU95099

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU94961

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42122

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c, within the dcn321_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn321/dcn321_resource.c, within the dcn32_hpo_dp_link_encoder_create() and dml1_validate() functions in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn316/dcn316_resource.c, within the dcn31_hpo_dp_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn314_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c, within the dcn31_hpo_dp_link_encoder_create() and dcn31_validate_bandwidth() functions in drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c, within the dcn30_validate_bandwidth() function in drivers/gpu/drm/amd/display/dc/resource/dcn30/dcn30_resource.c, within the dcn32_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c, within the dcn3_clk_mgr_construct() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper error handling

EUVDB-ID: #VU96165

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42297

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42305

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU96136

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42308

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_plane_get_status() function in drivers/gpu/drm/amd/display/dc/core/dc_surface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU96130

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use of uninitialized resource

EUVDB-ID: #VU96169

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43828

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Input validation error

EUVDB-ID: #VU96196

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU96104

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU96118

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU96293

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.91.0.172

python3-perf: before 5.10.0-136.91.0.172

perf-debuginfo: before 5.10.0-136.91.0.172

perf: before 5.10.0-136.91.0.172

kernel-tools-devel: before 5.10.0-136.91.0.172

kernel-tools-debuginfo: before 5.10.0-136.91.0.172

kernel-tools: before 5.10.0-136.91.0.172

kernel-source: before 5.10.0-136.91.0.172

kernel-headers: before 5.10.0-136.91.0.172

kernel-devel: before 5.10.0-136.91.0.172

kernel-debugsource: before 5.10.0-136.91.0.172

kernel-debuginfo: before 5.10.0-136.91.0.172

kernel: before 5.10.0-136.91.0.172

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2080


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###