openEuler 22.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU94444
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU96132
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52889
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU90461
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27012
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU94105
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27065
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU93342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37078
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper error handling
EUVDB-ID: #VU94462
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41008
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kfd_smi_event_update_thermal_throttling() function in drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c, within the sdma_v4_4_2_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c, within the sdma_v4_0_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c, within the gmc_v9_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v8_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c, within the gmc_v11_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c, within the gmc_v10_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c, within the amdgpu_vm_ptes_update() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c, within the amdgpu_vm_validate(), amdgpu_vm_wait_idle(), amdgpu_vm_init(), amdgpu_vm_fini() and amdgpu_vm_ioctl() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c, within the amdgpu_coredump() function in drivers/gpu/drm/amd/amdgpu/amdgpu_reset.c, within the amdgpu_job_timedout() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c, within the amdgpu_gem_object_open() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c, within the amdgpu_debugfs_vm_info_show() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU94837
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU94978
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU95073
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41082
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU94983
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42153
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU95062
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU96008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42259
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU96204
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42267
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU96141
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42286
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU96140
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42287
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper error handling
EUVDB-ID: #VU96166
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42295
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU96193
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42299
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU96126
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43824
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_core_init() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU96103
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43834
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU96099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU96538
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43884
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Division by zero
EUVDB-ID: #VU96545
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43889
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU96533
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU96530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU96528
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU96525
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU96517
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44934
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU96550
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44938
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU96552
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44942
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Type Confusion
EUVDB-ID: #VU96639
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44944
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-226.0.0.125
python3-perf: before 5.10.0-226.0.0.125
perf-debuginfo: before 5.10.0-226.0.0.125
perf: before 5.10.0-226.0.0.125
kernel-tools-devel: before 5.10.0-226.0.0.125
kernel-tools-debuginfo: before 5.10.0-226.0.0.125
kernel-tools: before 5.10.0-226.0.0.125
kernel-source: before 5.10.0-226.0.0.125
kernel-headers: before 5.10.0-226.0.0.125
kernel-devel: before 5.10.0-226.0.0.125
kernel-debugsource: before 5.10.0-226.0.0.125
kernel-debuginfo: before 5.10.0-226.0.0.125
bpftool-debuginfo: before 5.10.0-226.0.0.125
bpftool: before 5.10.0-226.0.0.125
kernel: before 5.10.0-226.0.0.125
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
