openEuler 24.03 LTS update for kernel
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU96551
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44939
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dtInsert() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU96854
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU96876
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44970
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU96837
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44985
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_xmit() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU96838
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44986
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU96839
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU96845
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44988
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU97170
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45020
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stacksafe() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-42.0.0.49
python3-perf: before 6.6.0-42.0.0.49
perf-debuginfo: before 6.6.0-42.0.0.49
perf: before 6.6.0-42.0.0.49
kernel-tools-devel: before 6.6.0-42.0.0.49
kernel-tools-debuginfo: before 6.6.0-42.0.0.49
kernel-tools: before 6.6.0-42.0.0.49
kernel-source: before 6.6.0-42.0.0.49
kernel-headers: before 6.6.0-42.0.0.49
kernel-devel: before 6.6.0-42.0.0.49
kernel-debugsource: before 6.6.0-42.0.0.49
kernel-debuginfo: before 6.6.0-42.0.0.49
bpftool-debuginfo: before 6.6.0-42.0.0.49
bpftool: before 6.6.0-42.0.0.49
kernel: before 6.6.0-42.0.0.49
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
