openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 31
CVE-ID CVE-2022-48828
CVE-2022-48872
CVE-2023-52691
CVE-2023-52748
CVE-2023-52894
CVE-2023-52900
CVE-2024-36270
CVE-2024-36915
CVE-2024-38565
CVE-2024-41017
CVE-2024-41059
CVE-2024-41098
CVE-2024-42104
CVE-2024-42119
CVE-2024-42292
CVE-2024-44965
CVE-2024-44974
CVE-2024-44995
CVE-2024-44999
CVE-2024-45003
CVE-2024-45028
CVE-2024-46714
CVE-2024-46723
CVE-2024-46731
CVE-2024-46733
CVE-2024-46744
CVE-2024-46745
CVE-2024-46747
CVE-2024-46751
CVE-2024-46752
CVE-2024-46787
CWE-ID CWE-191
CWE-416
CWE-415
CWE-119
CWE-476
CWE-125
CWE-399
CWE-20
CWE-908
CWE-388
CWE-667
CWE-401
CWE-682
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 31 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU94466

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU96329

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48872

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fastrpc_map_put() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Double free

EUVDB-ID: #VU90921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52691

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU93621

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52748

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the f2fs_init_page_array_cache() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU96340

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52894

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the func_to_ncm() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU96344

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52900

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __nilfs_btree_get_block() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU93028

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU90268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36915

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU93836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU94843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use of uninitialized resource

EUVDB-ID: #VU95033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41059

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU94970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41098

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU94937

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42104

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper error handling

EUVDB-ID: #VU95015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42119

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU96114

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Memory leak

EUVDB-ID: #VU97490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.95.0.176

python3-perf: before 5.10.0-136.95.0.176

perf-debuginfo: before 5.10.0-136.95.0.176

perf: before 5.10.0-136.95.0.176

kernel-tools-devel: before 5.10.0-136.95.0.176

kernel-tools-debuginfo: before 5.10.0-136.95.0.176

kernel-tools: before 5.10.0-136.95.0.176

kernel-source: before 5.10.0-136.95.0.176

kernel-headers: before 5.10.0-136.95.0.176

kernel-devel: before 5.10.0-136.95.0.176

kernel-debugsource: before 5.10.0-136.95.0.176

kernel-debuginfo: before 5.10.0-136.95.0.176

kernel: before 5.10.0-136.95.0.176

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###