openEuler 22.03 LTS SP1 update for kernel
Security Bulletin
This security bulletin contains information about 31 vulnerabilities.
1) Integer underflow
EUVDB-ID: #VU94466
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU96329
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_map_put() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Double free
EUVDB-ID: #VU90921
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52691
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU93621
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52748
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_init_page_array_cache() function in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU96340
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52894
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the func_to_ncm() function in drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU96344
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52900
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __nilfs_btree_get_block() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU90268
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36915
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU94843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU94970
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU94937
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42104
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper error handling
EUVDB-ID: #VU95015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU96114
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42292
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU96878
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU96834
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU96855
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU96843
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU97173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper error handling
EUVDB-ID: #VU97548
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU97509
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU97512
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Memory leak
EUVDB-ID: #VU97490
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46733
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU97540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU97493
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU97504
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46747
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Incorrect calculation
EUVDB-ID: #VU97561
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46751
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper error handling
EUVDB-ID: #VU97543
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46752
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU97536
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.95.0.176
python3-perf: before 5.10.0-136.95.0.176
perf-debuginfo: before 5.10.0-136.95.0.176
perf: before 5.10.0-136.95.0.176
kernel-tools-devel: before 5.10.0-136.95.0.176
kernel-tools-debuginfo: before 5.10.0-136.95.0.176
kernel-tools: before 5.10.0-136.95.0.176
kernel-source: before 5.10.0-136.95.0.176
kernel-headers: before 5.10.0-136.95.0.176
kernel-devel: before 5.10.0-136.95.0.176
kernel-debugsource: before 5.10.0-136.95.0.176
kernel-debuginfo: before 5.10.0-136.95.0.176
kernel: before 5.10.0-136.95.0.176
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2185
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
