openEuler 22.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU96327
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drv_disable_wq() function in drivers/dma/idxd/device.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU96358
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48887
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmw_execbuf_rcache_update(), vmw_execbuf_res_noref_val_add(), vmw_view_res_val_add(), vmw_resource_context_res_add(), vmw_cmd_res_check(), vmw_translate_mob_ptr(), vmw_translate_guest_ptr(), vmw_cmd_set_shader(), vmw_cmd_dx_set_shader(), vmw_cmd_dx_bind_shader(), vmw_cmd_dx_bind_streamoutput(), vmw_cmd_dx_set_streamoutput() and vmw_execbuf_tie_context() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c, within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c, within the ttm_base_object_unref() and ttm_base_object_lookup() functions in drivers/gpu/drm/vmwgfx/ttm_object.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU96434
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48901
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU96435
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48902
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the assert_eb_page_uptodate() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU96597
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU95034
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU96205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42276
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of uninitialized resource
EUVDB-ID: #VU96172
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42311
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU96200
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43849
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU96191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43856
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU96532
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43899
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_get_dcc_compression_cap() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU96526
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU96542
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU96522
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
16) Memory leak
EUVDB-ID: #VU96832
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44971
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU96834
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-228.0.0.127
python3-perf: before 5.10.0-228.0.0.127
perf-debuginfo: before 5.10.0-228.0.0.127
perf: before 5.10.0-228.0.0.127
kernel-tools-devel: before 5.10.0-228.0.0.127
kernel-tools-debuginfo: before 5.10.0-228.0.0.127
kernel-tools: before 5.10.0-228.0.0.127
kernel-source: before 5.10.0-228.0.0.127
kernel-headers: before 5.10.0-228.0.0.127
kernel-devel: before 5.10.0-228.0.0.127
kernel-debugsource: before 5.10.0-228.0.0.127
kernel-debuginfo: before 5.10.0-228.0.0.127
bpftool-debuginfo: before 5.10.0-228.0.0.127
bpftool: before 5.10.0-228.0.0.127
kernel: before 5.10.0-228.0.0.127
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2125
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
