openEuler 20.03 LTS SP4 update for kernel
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93185
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47400
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hns3_nic_net_open() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU96355
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable assertion
EUVDB-ID: #VU90918
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52444
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU90145
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35955
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90143
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35969
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU96109
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42313
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Double free
EUVDB-ID: #VU96162
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43830
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU96546
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43892
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU97829
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU97803
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46829
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU97808
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46840
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU97781
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU97791
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2410.2.0.0299
python3-perf: before 4.19.90-2410.2.0.0299
python2-perf-debuginfo: before 4.19.90-2410.2.0.0299
python2-perf: before 4.19.90-2410.2.0.0299
perf-debuginfo: before 4.19.90-2410.2.0.0299
perf: before 4.19.90-2410.2.0.0299
kernel-tools-devel: before 4.19.90-2410.2.0.0299
kernel-tools-debuginfo: before 4.19.90-2410.2.0.0299
kernel-tools: before 4.19.90-2410.2.0.0299
kernel-source: before 4.19.90-2410.2.0.0299
kernel-devel: before 4.19.90-2410.2.0.0299
kernel-debugsource: before 4.19.90-2410.2.0.0299
kernel-debuginfo: before 4.19.90-2410.2.0.0299
bpftool-debuginfo: before 4.19.90-2410.2.0.0299
bpftool: before 4.19.90-2410.2.0.0299
kernel: before 4.19.90-2410.2.0.0299
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2256
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
