openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU96369
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48877
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_lookup_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU96359
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the da9211_i2c_probe() function in drivers/regulator/da9211-regulator.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU96420
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the com20020pci_probe() function in drivers/net/arcnet/com20020-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU96429
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48937
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_add_buffers() function in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU96345
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52899
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the axi_chan_handle_err() function in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU96141
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42286
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU96114
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42292
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU96172
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42311
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Type Confusion
EUVDB-ID: #VU96639
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44944
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2409.1.0.0293
python3-perf: before 4.19.90-2409.1.0.0293
python2-perf-debuginfo: before 4.19.90-2409.1.0.0293
python2-perf: before 4.19.90-2409.1.0.0293
perf-debuginfo: before 4.19.90-2409.1.0.0293
perf: before 4.19.90-2409.1.0.0293
kernel-tools-devel: before 4.19.90-2409.1.0.0293
kernel-tools-debuginfo: before 4.19.90-2409.1.0.0293
kernel-tools: before 4.19.90-2409.1.0.0293
kernel-source: before 4.19.90-2409.1.0.0293
kernel-devel: before 4.19.90-2409.1.0.0293
kernel-debugsource: before 4.19.90-2409.1.0.0293
kernel-debuginfo: before 4.19.90-2409.1.0.0293
bpftool-debuginfo: before 4.19.90-2409.1.0.0293
bpftool: before 4.19.90-2409.1.0.0293
kernel: before 4.19.90-2409.1.0.0293
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2109
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
