openEuler 22.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 32
CVE-ID CVE-2021-47205
CVE-2022-48828
CVE-2024-35837
CVE-2024-39501
CVE-2024-40978
CVE-2024-40980
CVE-2024-41017
CVE-2024-41098
CVE-2024-42104
CVE-2024-42119
CVE-2024-42292
CVE-2024-43846
CVE-2024-43863
CVE-2024-44939
CVE-2024-44965
CVE-2024-44995
CVE-2024-44999
CVE-2024-45003
CVE-2024-45025
CVE-2024-45028
CVE-2024-46714
CVE-2024-46723
CVE-2024-46731
CVE-2024-46733
CVE-2024-46742
CVE-2024-46744
CVE-2024-46745
CVE-2024-46747
CVE-2024-46751
CVE-2024-46752
CVE-2024-46787
CVE-2024-46800
CWE-ID CWE-401
CWE-191
CWE-908
CWE-667
CWE-399
CWE-20
CWE-476
CWE-416
CWE-388
CWE-125
CWE-119
CWE-682
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 32 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU90007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47205

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer underflow

EUVDB-ID: #VU94466

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of uninitialized resource

EUVDB-ID: #VU93435

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35837

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mvpp2_bm_pool_cleanup() and mvpp2_bm_init() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU94277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39501

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU94299

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU94270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU94843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU94970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41098

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU94937

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42104

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper error handling

EUVDB-ID: #VU95015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42119

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU96114

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU96186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43846

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU96297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43863

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU96551

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44939

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dtInsert() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU97490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU97527

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46742

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the parse_durable_handle_context() and smb2_open() functions in fs/smb/server/smb2pdu.c, within the create_lease_buf() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-230.0.0.129

python3-perf: before 5.10.0-230.0.0.129

perf-debuginfo: before 5.10.0-230.0.0.129

perf: before 5.10.0-230.0.0.129

kernel-tools-devel: before 5.10.0-230.0.0.129

kernel-tools-debuginfo: before 5.10.0-230.0.0.129

kernel-tools: before 5.10.0-230.0.0.129

kernel-source: before 5.10.0-230.0.0.129

kernel-headers: before 5.10.0-230.0.0.129

kernel-devel: before 5.10.0-230.0.0.129

kernel-debugsource: before 5.10.0-230.0.0.129

kernel-debuginfo: before 5.10.0-230.0.0.129

bpftool-debuginfo: before 5.10.0-230.0.0.129

bpftool: before 5.10.0-230.0.0.129

kernel: before 5.10.0-230.0.0.129

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2182


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###