openEuler 24.03 LTS update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 39
CVE-ID CVE-2024-36904
CVE-2024-41008
CVE-2024-43904
CVE-2024-44954
CVE-2024-44959
CVE-2024-44962
CVE-2024-44965
CVE-2024-44967
CVE-2024-44969
CVE-2024-44974
CVE-2024-44984
CVE-2024-44991
CVE-2024-44994
CVE-2024-44995
CVE-2024-44996
CVE-2024-44999
CVE-2024-45000
CVE-2024-45002
CVE-2024-45003
CVE-2024-45008
CVE-2024-45019
CVE-2024-45025
CVE-2024-46687
CVE-2024-46706
CVE-2024-46714
CVE-2024-46720
CVE-2024-46723
CVE-2024-46731
CVE-2024-46733
CVE-2024-46742
CVE-2024-46744
CVE-2024-46745
CVE-2024-46747
CVE-2024-46751
CVE-2024-46752
CVE-2024-46759
CVE-2024-46785
CVE-2024-46786
CVE-2024-46800
CWE-ID CWE-416
CWE-388
CWE-476
CWE-667
CWE-119
CWE-20
CWE-399
CWE-908
CWE-682
CWE-125
CWE-401
CWE-191
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 39 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper error handling

EUVDB-ID: #VU94462

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41008

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kfd_smi_event_update_thermal_throttling() function in drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c, within the sdma_v4_4_2_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c, within the sdma_v4_0_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c, within the gmc_v9_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v8_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c, within the gmc_v11_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c, within the gmc_v10_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c, within the amdgpu_vm_ptes_update() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c, within the amdgpu_vm_validate(), amdgpu_vm_wait_idle(), amdgpu_vm_init(), amdgpu_vm_fini() and amdgpu_vm_ioctl() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c, within the amdgpu_coredump() function in drivers/gpu/drm/amd/amdgpu/amdgpu_reset.c, within the amdgpu_job_timedout() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c, within the amdgpu_gem_object_open() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c, within the amdgpu_debugfs_vm_info_show() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU96529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU96863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tracefs_alloc_inode(), tracefs_free_inode() and tracefs_drop_inode() functions in fs/tracefs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper error handling

EUVDB-ID: #VU96868

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44962

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ps_cancel_timer() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU96890

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mga_i2c_read_gpio(), mga_gpio_getscl() and mgag200_i2c_init() functions in drivers/gpu/drm/mgag200/mgag200_i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU96873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44984

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU96840

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() and tcp_sk_exit_batch() functions in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU96886

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iommu_report_device_fault() function in drivers/iommu/io-pgfault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU96879

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44996

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __vsock_recvmsg() function in net/vmw_vsock/vsock_bpf.c, within the __vsock_dgram_recvmsg(), vsock_connectible_recvmsg() and release_sock() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU96850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the spin_lock() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU96851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the osnoise_init_top() function in tools/tracing/rtla/src/osnoise_top.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU97178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45019

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_tx_reporter_timeout_recover() function in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU97254

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46687

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU97281

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46706

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the lpuart_probe() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU97533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU97490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU97527

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46742

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the parse_durable_handle_context() and smb2_open() functions in fs/smb/server/smb2pdu.c, within the create_lease_buf() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL pointer dereference

EUVDB-ID: #VU97518

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46785

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the eventfs_remove_rec() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU97497

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46786

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-44.0.0.50

python3-perf: before 6.6.0-44.0.0.50

perf-debuginfo: before 6.6.0-44.0.0.50

perf: before 6.6.0-44.0.0.50

kernel-tools-devel: before 6.6.0-44.0.0.50

kernel-tools-debuginfo: before 6.6.0-44.0.0.50

kernel-tools: before 6.6.0-44.0.0.50

kernel-source: before 6.6.0-44.0.0.50

kernel-headers: before 6.6.0-44.0.0.50

kernel-devel: before 6.6.0-44.0.0.50

kernel-debugsource: before 6.6.0-44.0.0.50

kernel-debuginfo: before 6.6.0-44.0.0.50

bpftool-debuginfo: before 6.6.0-44.0.0.50

bpftool: before 6.6.0-44.0.0.50

kernel: before 6.6.0-44.0.0.50

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###