openEuler 20.03 LTS SP4 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2022-48946 CVE-2022-48967 CVE-2022-48973 CVE-2022-48994 CVE-2022-49007 CVE-2022-49010 CVE-2022-49029 CVE-2022-49033 CVE-2023-52918 CVE-2023-52919 CVE-2024-46675 CVE-2024-46677 CVE-2024-46685 CVE-2024-46724 CVE-2024-46743 CVE-2024-47685 CVE-2024-47698 CVE-2024-47709 CVE-2024-49855 CVE-2024-49894 CVE-2024-49900 CVE-2024-49959 CVE-2024-50036 |
| CWE-ID | CWE-119 CWE-20 CWE-388 CWE-399 CWE-667 CWE-476 CWE-125 CWE-908 CWE-416 CWE-682 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU99094
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU99211
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper error handling
EUVDB-ID: #VU99065
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48973
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU99195
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48994
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU99036
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49007
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU99037
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49010
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU99161
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU99009
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-49033
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_qgroup_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU99254
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU99255
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU97257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU97259
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU97510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU99087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU98919
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU99177
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47709
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU98893
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU98912
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use of uninitialized resource
EUVDB-ID: #VU99084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49900
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU99017
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Incorrect calculation
EUVDB-ID: #VU99185
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50036
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2411.1.0.0301
python3-perf: before 4.19.90-2411.1.0.0301
python2-perf-debuginfo: before 4.19.90-2411.1.0.0301
python2-perf: before 4.19.90-2411.1.0.0301
perf-debuginfo: before 4.19.90-2411.1.0.0301
perf: before 4.19.90-2411.1.0.0301
kernel-tools-devel: before 4.19.90-2411.1.0.0301
kernel-tools-debuginfo: before 4.19.90-2411.1.0.0301
kernel-tools: before 4.19.90-2411.1.0.0301
kernel-source: before 4.19.90-2411.1.0.0301
kernel-devel: before 4.19.90-2411.1.0.0301
kernel-debugsource: before 4.19.90-2411.1.0.0301
kernel-debuginfo: before 4.19.90-2411.1.0.0301
bpftool-debuginfo: before 4.19.90-2411.1.0.0301
bpftool: before 4.19.90-2411.1.0.0301
kernel: before 4.19.90-2411.1.0.0301
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:
- cpe:2.3:o:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python3-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:python2-perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:perf:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-source:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:bpftool:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:kernel:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2323
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
