openEuler 24.03 LTS update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 69
CVE-ID CVE-2024-42067
CVE-2024-42312
CVE-2024-44949
CVE-2024-44958
CVE-2024-45009
CVE-2024-45011
CVE-2024-45016
CVE-2024-45028
CVE-2024-45029
CVE-2024-46673
CVE-2024-46674
CVE-2024-46679
CVE-2024-46681
CVE-2024-46686
CVE-2024-46695
CVE-2024-46701
CVE-2024-46717
CVE-2024-46721
CVE-2024-46722
CVE-2024-46725
CVE-2024-46728
CVE-2024-46732
CVE-2024-46734
CVE-2024-46736
CVE-2024-46737
CVE-2024-46738
CVE-2024-46739
CVE-2024-46740
CVE-2024-46750
CVE-2024-46753
CVE-2024-46755
CVE-2024-46756
CVE-2024-46758
CVE-2024-46760
CVE-2024-46761
CVE-2024-46767
CVE-2024-46768
CVE-2024-46771
CVE-2024-46772
CVE-2024-46773
CVE-2024-46776
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46784
CVE-2024-46787
CVE-2024-46788
CVE-2024-46791
CVE-2024-46796
CVE-2024-46797
CVE-2024-46798
CVE-2024-46804
CVE-2024-46806
CVE-2024-46811
CVE-2024-46812
CVE-2024-46814
CVE-2024-46816
CVE-2024-46818
CVE-2024-46827
CVE-2024-46829
CVE-2024-46841
CVE-2024-46842
CVE-2024-46843
CVE-2024-46844
CVE-2024-46845
CVE-2024-46846
CVE-2024-46849
CVE-2024-46852
CVE-2024-46857
CWE-ID CWE-682
CWE-20
CWE-96
CWE-399
CWE-416
CWE-476
CWE-667
CWE-835
CWE-125
CWE-119
CWE-369
CWE-388
CWE-191
CWE-401
CWE-190
CWE-617
CWE-193
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 69 vulnerabilities.

1) Incorrect calculation

EUVDB-ID: #VU95077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42067

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU96209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper neutralization of directives in statically saved code (\'static code injection\')

EUVDB-ID: #VU96884

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44949

CWE-ID: CWE-96 - Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that 2 unrelated 16-byte allocations share a cache line. If 1 of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that is the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU97169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU97180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45029

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU97252

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU97260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Infinite loop

EUVDB-ID: #VU97277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46701

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the simple_offset_destroy(), offset_dir_llseek(), offset_dir_emit() and offset_iterate_dir() functions in fs/libfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU97571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46717

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46721

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU97558

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU97537

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46734

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the skip_inode_logging() and btrfs_sync_file() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU97570

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46736

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smb2_rename_path() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU97492

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46740

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper error handling

EUVDB-ID: #VU97544

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46753

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU97524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46760

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rtw_usb_init_rx() and rtw_usb_probe() functions in drivers/net/wireless/realtek/rtw88/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Incorrect calculation

EUVDB-ID: #VU97562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46767

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the of_phy_leds() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper error handling

EUVDB-ID: #VU97545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46768

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the hp_wmi_notify() function in drivers/hwmon/hp-wmi-sensors.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU97567

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46772

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU97565

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU97569

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46776

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the construct_phy() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper error handling

EUVDB-ID: #VU97547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU97517

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46788

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the osnoise_migration_pending(), stop_kthread(), start_kthread() and start_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU97499

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46796

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_set_path_size() function in fs/smb/client/smb2inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU97515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46797

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Resource management error

EUVDB-ID: #VU97828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46806

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aqua_vanjaram_switch_partition_mode() function in drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Reachable assertion

EUVDB-ID: #VU97812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46811

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, within the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, within the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, within the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU97845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU97811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46827

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_station_assoc() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU97803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46829

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU97779

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU97832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46843

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ufshcd_remove(), ufshcd_init() and blk_mq_free_tag_set() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Incorrect calculation

EUVDB-ID: #VU97833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use-after-free

EUVDB-ID: #VU97780

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46845

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the this_cpu_tmr_var() and timerlat_fd_release() functions in kernel/trace/trace_osnoise.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper error handling

EUVDB-ID: #VU97815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46846

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Off-by-one

EUVDB-ID: #VU97818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-46.0.0.51

python3-perf: before 6.6.0-46.0.0.51

perf-debuginfo: before 6.6.0-46.0.0.51

perf: before 6.6.0-46.0.0.51

kernel-tools-devel: before 6.6.0-46.0.0.51

kernel-tools-debuginfo: before 6.6.0-46.0.0.51

kernel-tools: before 6.6.0-46.0.0.51

kernel-source: before 6.6.0-46.0.0.51

kernel-headers: before 6.6.0-46.0.0.51

kernel-devel: before 6.6.0-46.0.0.51

kernel-debugsource: before 6.6.0-46.0.0.51

kernel-debuginfo: before 6.6.0-46.0.0.51

bpftool-debuginfo: before 6.6.0-46.0.0.51

bpftool: before 6.6.0-46.0.0.51

kernel: before 6.6.0-46.0.0.51

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2219


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###