openEuler 20.03 LTS SP4 update for kernel

Published: 2024-09-14

Risk	Low
Patch available	YES
Number of vulnerabilities	15
CVE-ID	CVE-2022-48905 CVE-2022-48914 CVE-2022-48926 CVE-2023-52451 CVE-2023-52612 CVE-2023-52855 CVE-2023-52894 CVE-2023-52907 CVE-2024-42259 CVE-2024-42295 CVE-2024-42301 CVE-2024-43856 CVE-2024-43858 CVE-2024-43871 CVE-2024-43914
CWE-ID	CWE-401 CWE-476 CWE-667 CWE-125 CWE-119 CWE-416 CWE-388 CWE-20
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU96404

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48905

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_reset() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU96421

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xennet_close(), xennet_poll_controller() and xennet_destroy_queues() functions in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU96426

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48926

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rndis_register(), rndis_free_response(), rndis_get_next_response() and rndis_add_response() functions in drivers/usb/gadget/function/rndis.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU88891

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52451

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU91314

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52612

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU90435

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52855

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU96340

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52894

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the func_to_ncm() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU96335

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52907

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pn533_usb_send_ack(), pn533_usb_send_frame(), pn533_acr122_poweron_rdr() and pn533_usb_probe() functions in drivers/nfc/pn533/usb.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper error handling

EUVDB-ID: #VU96166

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42295

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU96191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43856

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU96113

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2409.3.0.0294

python3-perf: before 4.19.90-2409.3.0.0294

python2-perf-debuginfo: before 4.19.90-2409.3.0.0294

python2-perf: before 4.19.90-2409.3.0.0294

perf-debuginfo: before 4.19.90-2409.3.0.0294

perf: before 4.19.90-2409.3.0.0294

kernel-tools-devel: before 4.19.90-2409.3.0.0294

kernel-tools-debuginfo: before 4.19.90-2409.3.0.0294

kernel-tools: before 4.19.90-2409.3.0.0294

kernel-source: before 4.19.90-2409.3.0.0294

kernel-devel: before 4.19.90-2409.3.0.0294

kernel-debugsource: before 4.19.90-2409.3.0.0294

kernel-debuginfo: before 4.19.90-2409.3.0.0294

bpftool-debuginfo: before 4.19.90-2409.3.0.0294

bpftool: before 4.19.90-2409.3.0.0294

kernel: before 4.19.90-2409.3.0.0294

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2122

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.