Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 29 |
CVE-ID | CVE-2021-47484 CVE-2023-52881 CVE-2024-27030 CVE-2024-27074 CVE-2024-27403 CVE-2024-35789 CVE-2024-35829 CVE-2024-35871 CVE-2024-36004 CVE-2024-36007 CVE-2024-36244 CVE-2024-38608 CVE-2024-38612 CVE-2024-39495 CVE-2024-40958 CVE-2024-42289 CVE-2024-42321 CVE-2024-43880 CVE-2024-44931 CVE-2024-44952 CVE-2024-44989 CVE-2024-44990 CVE-2024-45018 CVE-2024-46716 CVE-2024-46817 CVE-2024-46822 CVE-2024-46826 CVE-2024-46859 CVE-2024-47661 |
CWE-ID | CWE-476 CWE-451 CWE-362 CWE-401 CWE-191 CWE-416 CWE-399 CWE-682 CWE-667 CWE-908 CWE-20 CWE-125 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 29 vulnerabilities.
EUVDB-ID: #VU90403
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47484
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nix_free_tx_vtag_entries() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c and within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89895
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27030
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91669
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27403
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description:
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90167
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90446
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35829
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the __asm__() and copy_thread() functions in arch/riscv/kernel/process.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93612
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36007
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93252
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36244
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92341
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38608
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92314
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38612
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94232
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39495
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94215
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42321
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the __skb_flow_dissect() function in net/core/flow_dissector.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c and within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44931
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44952
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, and within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44989
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96848
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44990
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45018
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97572
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97830
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98371
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47661
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c and within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.