openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 22
CVE-ID CVE-2022-48887
CVE-2022-48901
CVE-2022-48902
CVE-2023-45896
CVE-2023-52451
CVE-2023-52488
CVE-2023-52868
CVE-2023-52907
CVE-2024-42259
CVE-2024-42267
CVE-2024-42276
CVE-2024-42311
CVE-2024-43849
CVE-2024-43856
CVE-2024-43899
CVE-2024-43902
CVE-2024-43907
CVE-2024-43914
CVE-2024-44935
CVE-2024-44942
CVE-2024-44947
CVE-2024-44971
CWE-ID CWE-667
CWE-125
CWE-20
CWE-119
CWE-416
CWE-908
CWE-476
CWE-401
Exploitation vector Local
Public exploit Public exploit code for vulnerability #21 is available.
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU96358

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48887

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_execbuf_rcache_update(), vmw_execbuf_res_noref_val_add(), vmw_view_res_val_add(), vmw_resource_context_res_add(), vmw_cmd_res_check(), vmw_translate_mob_ptr(), vmw_translate_guest_ptr(), vmw_cmd_set_shader(), vmw_cmd_dx_set_shader(), vmw_cmd_dx_bind_shader(), vmw_cmd_dx_bind_streamoutput(), vmw_cmd_dx_set_streamoutput() and vmw_execbuf_tie_context() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c, within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c, within the ttm_base_object_unref() and ttm_base_object_lookup() functions in drivers/gpu/drm/vmwgfx/ttm_object.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU96434

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48901

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU96435

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48902

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the assert_eb_page_uptodate() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU96597

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-45896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU88891

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52451

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU94144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52488

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU93616

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52868

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the thermal_zone_bind_cooling_device() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU96335

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52907

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pn533_usb_send_ack(), pn533_usb_send_frame(), pn533_acr122_poweron_rdr() and pn533_usb_probe() functions in drivers/nfc/pn533/usb.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU96204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42267

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU96205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42276

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use of uninitialized resource

EUVDB-ID: #VU96172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42311

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU96200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43849

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU96191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43856

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU96532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43899

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_get_dcc_compression_cap() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU96530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU96526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU96522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU96552

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44942

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Memory leak

EUVDB-ID: #VU96832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44971

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.93.0.174

python3-perf: before 5.10.0-136.93.0.174

perf-debuginfo: before 5.10.0-136.93.0.174

perf: before 5.10.0-136.93.0.174

kernel-tools-devel: before 5.10.0-136.93.0.174

kernel-tools-debuginfo: before 5.10.0-136.93.0.174

kernel-tools: before 5.10.0-136.93.0.174

kernel-source: before 5.10.0-136.93.0.174

kernel-headers: before 5.10.0-136.93.0.174

kernel-devel: before 5.10.0-136.93.0.174

kernel-debugsource: before 5.10.0-136.93.0.174

kernel-debuginfo: before 5.10.0-136.93.0.174

kernel: before 5.10.0-136.93.0.174

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2123


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###