openEuler 22.03 LTS SP3 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 47
CVE-ID CVE-2022-48893
CVE-2023-52444
CVE-2023-52463
CVE-2023-52482
CVE-2023-52612
CVE-2023-52843
CVE-2024-26820
CVE-2024-36005
CVE-2024-40998
CVE-2024-42067
CVE-2024-42283
CVE-2024-42290
CVE-2024-42306
CVE-2024-42309
CVE-2024-42313
CVE-2024-42322
CVE-2024-43823
CVE-2024-43830
CVE-2024-43840
CVE-2024-43855
CVE-2024-43872
CVE-2024-43892
CVE-2024-43893
CVE-2024-44940
CVE-2024-44954
CVE-2024-44998
CVE-2024-45006
CVE-2024-45026
CVE-2024-46676
CVE-2024-46719
CVE-2024-46754
CVE-2024-46770
CVE-2024-46795
CVE-2024-46819
CVE-2024-46826
CVE-2024-46828
CVE-2024-46840
CVE-2024-46848
CVE-2024-46854
CVE-2024-46855
CVE-2024-46858
CVE-2024-47658
CVE-2024-47664
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CVE-2015-3290
CWE-ID CWE-401
CWE-617
CWE-476
CWE-121
CWE-119
CWE-908
CWE-399
CWE-667
CWE-682
CWE-416
CWE-415
CWE-362
CWE-369
CWE-20
CWE-125
CWE-835
CWE-264
Exploitation vector Local
Public exploit Public exploit code for vulnerability #47 is available.
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 47 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU96320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the intel_engines_init() function in drivers/gpu/drm/i915/gt/intel_engine_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Reachable assertion

EUVDB-ID: #VU90918

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52444

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU90660

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52463

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU91302

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52482

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the VULNBL_AMD() function in arch/x86/kernel/cpu/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU91314

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52612

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU90868

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52843

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU93775

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26820

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU94266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40998

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Incorrect calculation

EUVDB-ID: #VU95077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42067

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU96195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42283

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU96181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42290

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU96184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42306

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU96135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42309

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU96109

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU96189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU96127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43823

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_setup_rc_app_regs() and ks_pcie_host_init() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Double free

EUVDB-ID: #VU96162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43830

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU96178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43840

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU96147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43855

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU96294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43872

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the next_ceqe_sw_v2(), hns_roce_v2_msix_interrupt_eq(), hns_roce_ceq_work(), __hns_roce_request_irq() and __hns_roce_free_irq() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU96553

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44940

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU97566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU97516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46795

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU97783

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU98369

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47658

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Division by zero

EUVDB-ID: #VU98373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47664

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Security restrictions bypass

EUVDB-ID: #VU92492

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2015-3290

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to security restrictions bypass within the entry() function in arch/x86/entry/entry_64.s. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-232.0.0.134

python3-perf: before 5.10.0-232.0.0.134

perf-debuginfo: before 5.10.0-232.0.0.134

perf: before 5.10.0-232.0.0.134

kernel-tools-devel: before 5.10.0-232.0.0.134

kernel-tools-debuginfo: before 5.10.0-232.0.0.134

kernel-tools: before 5.10.0-232.0.0.134

kernel-source: before 5.10.0-232.0.0.134

kernel-headers: before 5.10.0-232.0.0.134

kernel-devel: before 5.10.0-232.0.0.134

kernel-debugsource: before 5.10.0-232.0.0.134

kernel-debuginfo: before 5.10.0-232.0.0.134

kernel: before 5.10.0-232.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###