openEuler 22.03 LTS SP1 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 89
CVE-ID:
CVE-2022-48956
CVE-2022-48958
CVE-2022-48960
CVE-2022-48961
CVE-2022-48962
CVE-2022-48966
CVE-2022-48972
CVE-2022-48975
CVE-2022-48981
CVE-2022-48982
CVE-2022-48992
CVE-2022-48995
CVE-2022-49004
CVE-2022-49005
CVE-2022-49011
CVE-2022-49017
CVE-2022-49020
CVE-2022-49021
CVE-2022-49023
CVE-2022-49031
CVE-2022-49032
CVE-2024-45021
CVE-2024-46677
CVE-2024-46809
CVE-2024-47659
CVE-2024-47660
CVE-2024-47668
CVE-2024-47673
CVE-2024-47690
CVE-2024-47691
CVE-2024-47692
CVE-2024-47693
CVE-2024-47696
CVE-2024-47699
CVE-2024-47701
CVE-2024-47703
CVE-2024-47705
CVE-2024-47723
CVE-2024-47739
CVE-2024-47742
CVE-2024-47748
CVE-2024-47756
CVE-2024-49855
CVE-2024-49858
CVE-2024-49860
CVE-2024-49863
CVE-2024-49877
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49884
CVE-2024-49886
CVE-2024-49889
CVE-2024-49913
CVE-2024-49917
CVE-2024-49922
CVE-2024-49924
CVE-2024-49933
CVE-2024-49934
CVE-2024-49936
CVE-2024-49940
CVE-2024-49950
CVE-2024-49954
CVE-2024-49955
CVE-2024-49958
CVE-2024-49965
CVE-2024-49973
CVE-2024-49975
CVE-2024-49978
CVE-2024-49981
CVE-2024-49992
CVE-2024-49995
CVE-2024-49996
CVE-2024-50008
CVE-2024-50015
CVE-2024-50016
CVE-2024-50028
CVE-2024-50033
CVE-2024-50035
CVE-2024-50046
CVE-2024-50047
CVE-2024-50058
CVE-2024-50059
CVE-2024-50060
CVE-2024-50063
CVE-2024-50067
CVE-2024-50074
CVE-2024-50083
CWE-ID:
CWE-399
CWE-200
CWE-20
CWE-415
CWE-667
CWE-119
CWE-787
CWE-665
CWE-476
CWE-388
CWE-416
CWE-682
CWE-125
CWE-401
CWE-190
CWE-908
CWE-362
Exploitation vector: Local
Public exploit: N/A

Vulnerable software:
openEuler (operating system)

Packages (operating system package or component):
python3-perf-debuginfo
python3-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-headers
kernel-devel
kernel-debugsource
kernel-debuginfo
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 89 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU99165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU99105

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48958

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the greth_init_rings() function in drivers/net/ethernet/aeroflex/greth.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

3) Input validation error

EUVDB-ID: #VU99207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

4) Resource management error

EUVDB-ID: #VU99164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, and within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

5) Input validation error

EUVDB-ID: #VU99208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

6) Input validation error

EUVDB-ID: #VU99210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

7) Resource management error

EUVDB-ID: #VU99163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48972

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

8) Information disclosure

EUVDB-ID: #VU99110

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48975

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

9) Double free

EUVDB-ID: #VU99051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48981

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

10) Improper locking

EUVDB-ID: #VU98992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48982

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_register_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

11) Input validation error

EUVDB-ID: #VU99214

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

12) Double free

EUVDB-ID: #VU99052

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48995

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the raydium_i2c_send() function in drivers/input/touchscreen/raydium_i2c_ts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

13) Resource management error

EUVDB-ID: #VU99137

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within arch/riscv/include/asm/pgalloc.h and arch/riscv/include/asm/efi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

14) Input validation error

EUVDB-ID: #VU99213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

15) Information disclosure

EUVDB-ID: #VU99113

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49011

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

16) Double free

EUVDB-ID: #VU99053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49017

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the tipc_crypto_key_synch() function in net/tipc/crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

17) Information disclosure

EUVDB-ID: #VU99116

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371

18) Resource management error

EUVDB-ID: #VU99136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU99098

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49023

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cfg80211_gen_new_ie() function in net/wireless/scan.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU99202

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the afe4403_read_raw() function in drivers/iio/health/afe4403.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU99180

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49032

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the afe4404_read_raw() and afe4404_write_raw() functions in drivers/iio/health/afe4404.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c and within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper error handling

EUVDB-ID: #VU99080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47690

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU98900

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c and within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Incorrect calculation

EUVDB-ID: #VU99189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47703

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, and within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, and within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU99021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU98889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the get_ext_path() function in fs/ext4/move_extent.c, and within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

EUVDB-ID: #VU98903

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49886

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use-after-free

EUVDB-ID: #VU98868

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49889

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU98872

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU98956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49940

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pppol2tp_session_setsockopt() function in net/l2tp/l2tp_ppp.c, within the l2tp_nl_cmd_session_modify() function in net/l2tp/l2tp_netlink.c, and within the l2tp_v3_session_get(), l2tp_session_register(), l2tp_recv_common(), EXPORT_SYMBOL_GPL(), l2tp_session_set_header_len() and l2tp_session_create() functions in net/l2tp/l2tp_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, and within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c and within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU98948

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49978

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU98883

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49992

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ltdc_crtc_atomic_print_state(), ltdc_plane_atomic_print_state(), ltdc_plane_create(), ltdc_crtc_init(), ltdc_encoder_init(), ltdc_load() and ltdc_unload() functions in drivers/gpu/drm/stm/ltdc.c and within the drv_load() function in drivers/gpu/drm/stm/drv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Integer overflow

EUVDB-ID: #VU99090

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50016

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c. A local user can execute arbitrary code.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Incorrect calculation

EUVDB-ID: #VU99184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50028

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, and within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU98996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50046

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, and within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU98995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, and within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Input validation error

EUVDB-ID: #VU99205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper locking

EUVDB-ID: #VU98994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50060

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Buffer overflow

EUVDB-ID: #VU99190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU99434

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU99458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50083

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.100.0.181

python3-perf: before 5.10.0-136.100.0.181

perf-debuginfo: before 5.10.0-136.100.0.181

perf: before 5.10.0-136.100.0.181

kernel-tools-devel: before 5.10.0-136.100.0.181

kernel-tools-debuginfo: before 5.10.0-136.100.0.181

kernel-tools: before 5.10.0-136.100.0.181

kernel-source: before 5.10.0-136.100.0.181

kernel-headers: before 5.10.0-136.100.0.181

kernel-devel: before 5.10.0-136.100.0.181

kernel-debugsource: before 5.10.0-136.100.0.181

kernel-debuginfo: before 5.10.0-136.100.0.181

kernel: before 5.10.0-136.100.0.181

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2371


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


