openEuler 24.03 LTS update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 67
CVE-ID CVE-2024-39483
CVE-2024-44950
CVE-2024-45026
CVE-2024-46808
CVE-2024-46813
CVE-2024-46825
CVE-2024-47682
CVE-2024-47706
CVE-2024-47714
CVE-2024-47715
CVE-2024-47718
CVE-2024-47734
CVE-2024-47740
CVE-2024-47750
CVE-2024-47754
CVE-2024-49851
CVE-2024-49861
CVE-2024-49890
CVE-2024-49891
CVE-2024-49907
CVE-2024-49929
CVE-2024-49982
CVE-2024-50001
CVE-2024-50010
CVE-2024-50023
CVE-2024-50044
CVE-2024-50048
CVE-2024-50078
CVE-2024-50086
CVE-2024-50101
CVE-2024-50108
CVE-2024-50126
CVE-2024-50127
CVE-2024-50128
CVE-2024-50130
CVE-2024-50135
CVE-2024-50137
CVE-2024-50139
CVE-2024-50150
CVE-2024-50155
CVE-2024-50158
CVE-2024-50163
CVE-2024-50164
CVE-2024-50187
CVE-2024-50188
CVE-2024-50196
CVE-2024-50201
CVE-2024-50211
CVE-2024-50218
CVE-2024-50222
CVE-2024-50226
CVE-2024-50229
CVE-2024-50235
CVE-2024-50259
CVE-2024-50261
CVE-2024-50264
CVE-2024-50278
CVE-2024-50282
CVE-2024-50285
CVE-2024-50286
CVE-2024-50300
CVE-2024-53042
CVE-2024-53059
CVE-2024-53060
CVE-2024-53073
CVE-2024-53090
CVE-2023-6270
CWE-ID CWE-667
CWE-399
CWE-119
CWE-476
CWE-125
CWE-20
CWE-416
CWE-362
CWE-401
CWE-908
CWE-388
CWE-617
CWE-835
CWE-415
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 67 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU93825

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39483

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the svm_enable_nmi_window() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU96875

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44950

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU97795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46808

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpcd_extend_address_range() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU97840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46825

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/wireless/intel/iwlwifi/mvm/mvm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU98916

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47682

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU98918

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47714

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mt7996_mcu_sta_bfer_tlv() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU99128

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47715

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the EXPORT_SYMBOL_GPL() function in drivers/net/wireless/mediatek/mt76/mac80211.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU99174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47734

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bond_xdp_get_xmit_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU99228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU98890

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47750

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hns_roce_v2_exit() and __hns_roce_hw_v2_uninit_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU99047

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_single_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use of uninitialized resource

EUVDB-ID: #VU99086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49861

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU98964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49890

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU99168

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50010

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the SYSCALL_DEFINE1(), EXPORT_SYMBOL() and do_open_execat() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU99196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50023

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper error handling

EUVDB-ID: #VU99061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50048

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU99454

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50078

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU99444

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50086

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_check_user_session(), smb2_sess_setup() and smb2_session_logoff() functions in fs/smb/server/smb2pdu.c, within the __handle_ksmbd_work() function in fs/smb/server/server.c, within the ksmbd_expire_session(), ksmbd_session_lookup_slowpath(), ksmbd_session_lookup_all() and __session_create() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU99847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU99839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50108

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the is_psr_su_specific_panel() function in drivers/gpu/drm/amd/display/modules/power/power_helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU99807

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50126

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_dump() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU99808

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU99812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50128

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU99809

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50130

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_hook_run_bpf(), bpf_nf_link_release() and bpf_nf_link_attach() functions in net/netfilter/nf_bpf_link.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU99826

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50135

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_pci_nr_maps() and nvme_reset_work() functions in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Reachable assertion

EUVDB-ID: #VU99829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50137

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the jh71x0_reset_status() function in drivers/reset/starfive/reset-starfive-jh71x0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU100065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50139

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the reset_clidr() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU100059

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU100078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50155

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nsim_dev_trap_report_work() and nsim_dev_traps_init() functions in drivers/net/netdevsim/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU100067

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50158

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_re_ib_get_hw_stats() function in drivers/infiniband/hw/bnxt_re/hw_counters.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU100082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50163

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the BPF_CALL_3() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use of uninitialized resource

EUVDB-ID: #VU100085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50164

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the check_helper_mem_access(), check_mem_size_reg(), check_mem_reg(), check_kfunc_mem_size_reg() and verbose() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU100156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50187

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU100138

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Infinite loop

EUVDB-ID: #VU100142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50196

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource management error

EUVDB-ID: #VU100151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper error handling

EUVDB-ID: #VU100134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50211

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the udf_truncate_extents() function in fs/udf/truncate.c, within the udf_try_read_meta() function in fs/udf/partition.c, within the udf_map_block(), udf_extend_file(), udf_delete_aext() and inode_bmap() functions in fs/udf/inode.c, within the udf_fiiter_init() and udf_fiiter_append_blk() functions in fs/udf/directory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU100201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50222

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the copy_page_from_iter_atomic() function in lib/iov_iter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU100167

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50226

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mock_decoder_commit() function in tools/testing/cxl/test/cxl.c, within the cxl_region_invalidate_memregion(), cxl_region_decode_reset(), commit_store() and cxl_region_detach() functions in drivers/cxl/core/region.c, within the cxl_decoder_commit() and cxl_decoder_reset() functions in drivers/cxl/core/hdm.c, within the device_for_each_child_reverse() function in drivers/base/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Double free

EUVDB-ID: #VU100191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50235

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the _cfg80211_unregister_wdev() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU100204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50259

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU100169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50261

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macsec_free_netdev() function in drivers/net/macsec.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

EUVDB-ID: #VU100619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50278

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU100638

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50282

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU100651

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50285

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smb1_negotiate() and init_smb1_server() functions in fs/smb/server/smb_common.c, within the handle_ksmbd_work() and queue_ksmbd_work() functions in fs/smb/server/server.c, within the ksmbd_conn_alloc() function in fs/smb/server/connection.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU100616

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50286

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_expire_session() and ksmbd_sessions_deregister() functions in fs/smb/server/mgmt/user_session.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use of uninitialized resource

EUVDB-ID: #VU100636

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50300

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the rtq2208_probe() function in drivers/regulator/rtq2208-regulator.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper locking

EUVDB-ID: #VU100718

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53042

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the include/net/ip_tunnels.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU100713

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU100738

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53073

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU100833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53090

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the afs_deferred_free_worker(), afs_alloc_call(), afs_put_call(), afs_wake_up_call_waiter() and afs_wake_up_async_call() functions in fs/afs/rxrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-61.0.0.60

python3-perf: before 6.6.0-61.0.0.60

perf-debuginfo: before 6.6.0-61.0.0.60

perf: before 6.6.0-61.0.0.60

kernel-tools-devel: before 6.6.0-61.0.0.60

kernel-tools-debuginfo: before 6.6.0-61.0.0.60

kernel-tools: before 6.6.0-61.0.0.60

kernel-source: before 6.6.0-61.0.0.60

kernel-headers: before 6.6.0-61.0.0.60

kernel-devel: before 6.6.0-61.0.0.60

kernel-debugsource: before 6.6.0-61.0.0.60

kernel-debuginfo: before 6.6.0-61.0.0.60

bpftool-debuginfo: before 6.6.0-61.0.0.60

bpftool: before 6.6.0-61.0.0.60

kernel: before 6.6.0-61.0.0.60

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2522


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###