openEuler 22.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 47
CVE-ID CVE-2024-39482
CVE-2024-41030
CVE-2024-41095
CVE-2024-43900
CVE-2024-44958
CVE-2024-44982
CVE-2024-45008
CVE-2024-45016
CVE-2024-46673
CVE-2024-46674
CVE-2024-46679
CVE-2024-46681
CVE-2024-46695
CVE-2024-46707
CVE-2024-46721
CVE-2024-46725
CVE-2024-46726
CVE-2024-46732
CVE-2024-46737
CVE-2024-46738
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46750
CVE-2024-46753
CVE-2024-46755
CVE-2024-46756
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46791
CVE-2024-46798
CVE-2024-46804
CVE-2024-46814
CVE-2024-46816
CVE-2024-46818
CVE-2024-46821
CVE-2024-46829
CVE-2024-46833
CVE-2024-46841
CVE-2024-46844
CVE-2024-46849
CVE-2024-46857
CWE-ID CWE-125
CWE-388
CWE-476
CWE-416
CWE-399
CWE-401
CWE-119
CWE-20
CWE-835
CWE-667
CWE-369
CWE-191
CWE-190
CWE-682
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 47 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU93821

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39482

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper error handling

EUVDB-ID: #VU95021

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41030

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the smb2_create_open_flags() and smb2_open() functions in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU94966

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU96515

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU97169

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU97252

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46721

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU97557

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46726

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU97492

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46740

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU97544

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46753

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU97841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46821

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU97803

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46829

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU97788

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46833

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hclge_query_reg_info_of_ssu() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_err.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Incorrect calculation

EUVDB-ID: #VU97833

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-231.0.0.130

python3-perf: before 5.10.0-231.0.0.130

perf-debuginfo: before 5.10.0-231.0.0.130

perf: before 5.10.0-231.0.0.130

kernel-tools-devel: before 5.10.0-231.0.0.130

kernel-tools-debuginfo: before 5.10.0-231.0.0.130

kernel-tools: before 5.10.0-231.0.0.130

kernel-source: before 5.10.0-231.0.0.130

kernel-headers: before 5.10.0-231.0.0.130

kernel-devel: before 5.10.0-231.0.0.130

kernel-debugsource: before 5.10.0-231.0.0.130

kernel-debuginfo: before 5.10.0-231.0.0.130

bpftool-debuginfo: before 5.10.0-231.0.0.130

bpftool: before 5.10.0-231.0.0.130

kernel: before 5.10.0-231.0.0.130

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2220


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###