openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 74
CVE-ID CVE-2022-48916
CVE-2022-48946
CVE-2022-48952
CVE-2022-48967
CVE-2022-48973
CVE-2022-48977
CVE-2022-48986
CVE-2022-48988
CVE-2022-48991
CVE-2022-48994
CVE-2022-49006
CVE-2022-49007
CVE-2022-49019
CVE-2022-49029
CVE-2022-49030
CVE-2022-49033
CVE-2023-52754
CVE-2023-52855
CVE-2023-52917
CVE-2023-52918
CVE-2023-52919
CVE-2024-26917
CVE-2024-35878
CVE-2024-35990
CVE-2024-36286
CVE-2024-38635
CVE-2024-38667
CVE-2024-41015
CVE-2024-42152
CVE-2024-42301
CVE-2024-43841
CVE-2024-43858
CVE-2024-43867
CVE-2024-43871
CVE-2024-43894
CVE-2024-46675
CVE-2024-46689
CVE-2024-46722
CVE-2024-46724
CVE-2024-46757
CVE-2024-46802
CVE-2024-46830
CVE-2024-46853
CVE-2024-47667
CVE-2024-47669
CVE-2024-47684
CVE-2024-47685
CVE-2024-47695
CVE-2024-47698
CVE-2024-47709
CVE-2024-47710
CVE-2024-47720
CVE-2024-47737
CVE-2024-47757
CVE-2024-49866
CVE-2024-49867
CVE-2024-49868
CVE-2024-49875
CVE-2024-49894
CVE-2024-49895
CVE-2024-49900
CVE-2024-49902
CVE-2024-49903
CVE-2024-49911
CVE-2024-49927
CVE-2024-49959
CVE-2024-49966
CVE-2024-49969
CVE-2024-49974
CVE-2024-49985
CVE-2024-50007
CVE-2024-50025
CVE-2024-50036
CVE-2024-50049
CWE-ID CWE-667
CWE-119
CWE-399
CWE-20
CWE-388
CWE-835
CWE-190
CWE-476
CWE-125
CWE-401
CWE-191
CWE-416
CWE-908
CWE-682
Exploitation vector Local
Public exploit N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 74 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU96436

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48916

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dmar_insert_one_dev_info() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU99094

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU99158

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48952

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mt7621_pcie_register_host() function in drivers/staging/mt7621-pci/pci-mt7621.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU99211

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper error handling

EUVDB-ID: #VU99065

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48973

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU99217

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the can_rcv() and canfd_rcv() functions in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU99144

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48986

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gup_pud_range() function in mm/gup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper locking

EUVDB-ID: #VU99197

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48988

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU99215

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48991

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU99195

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Infinite loop

EUVDB-ID: #VU99119

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49006

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU99036

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Infinite loop

EUVDB-ID: #VU99120

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49019

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the nixge_hw_dma_bd_release() function in drivers/net/ethernet/ni/nixge.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU99161

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49029

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU99089

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49030

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ring_buffer__add() function in tools/lib/bpf/ringbuf.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU99009

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49033

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_qgroup_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU90854

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU90435

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52855

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU99255

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU90778

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26917

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU90508

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU91513

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35990

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xilinx_dpdma_chan_vsync_irq(), xilinx_dpdma_issue_pending() and xilinx_dpdma_chan_err_task() functions in drivers/dma/xilinx/xilinx_dpdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU93036

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36286

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU93027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38635

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU93168

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38667

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the cpu_update_secondary_bootdata() function in arch/riscv/kernel/cpu_ops_spinwait.c, within the sbi_cpu_start() function in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU94922

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42152

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU96187

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43841

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU96113

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Integer underflow

EUVDB-ID: #VU96301

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43867

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU96536

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43894

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Infinite loop

EUVDB-ID: #VU97279

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46689

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU97804

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46830

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU98991

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU99020

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU99148

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49927

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Input validation error

EUVDB-ID: #VU99220

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper locking

EUVDB-ID: #VU99001

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50025

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Incorrect calculation

EUVDB-ID: #VU99185

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50036

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU99203

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.99.0.180

python3-perf: before 5.10.0-136.99.0.180

perf-debuginfo: before 5.10.0-136.99.0.180

perf: before 5.10.0-136.99.0.180

kernel-tools-devel: before 5.10.0-136.99.0.180

kernel-tools-debuginfo: before 5.10.0-136.99.0.180

kernel-tools: before 5.10.0-136.99.0.180

kernel-source: before 5.10.0-136.99.0.180

kernel-headers: before 5.10.0-136.99.0.180

kernel-devel: before 5.10.0-136.99.0.180

kernel-debugsource: before 5.10.0-136.99.0.180

kernel-debuginfo: before 5.10.0-136.99.0.180

kernel: before 5.10.0-136.99.0.180

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2324


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###