openEuler 22.03 LTS SP3 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 27
CVE-ID CVE-2024-44950
CVE-2024-46813
CVE-2024-47707
CVE-2024-47718
CVE-2024-49891
CVE-2024-49930
CVE-2024-49938
CVE-2024-49944
CVE-2024-49997
CVE-2024-50024
CVE-2024-50039
CVE-2024-50044
CVE-2024-50135
CVE-2024-50148
CVE-2024-50171
CVE-2024-50196
CVE-2024-50208
CVE-2024-50209
CVE-2024-50234
CVE-2024-50236
CVE-2024-50299
CVE-2024-53059
CVE-2024-53063
CVE-2024-53073
CVE-2024-53090
CVE-2024-53099
CVE-2024-53101
CWE-ID CWE-399
CWE-125
CWE-476
CWE-416
CWE-20
CWE-119
CWE-835
CWE-667
CWE-401
CWE-908
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU96875

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44950

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU98908

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49944

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49997

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU99133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50039

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU99826

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50135

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_pci_nr_maps() and nvme_reset_work() functions in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Infinite loop

EUVDB-ID: #VU100142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50196

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU100141

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50208

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU100148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50209

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU100631

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU100738

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53073

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU100833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53090

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the afs_deferred_free_worker(), afs_alloc_call(), afs_put_call(), afs_wake_up_call_waiter() and afs_wake_up_async_call() functions in fs/afs/rxrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU100938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53099

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bpf_link_show_fdinfo() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use of uninitialized resource

EUVDB-ID: #VU100940

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

python3-perf-debuginfo: before 5.10.0-239.0.0.141

python3-perf: before 5.10.0-239.0.0.141

perf-debuginfo: before 5.10.0-239.0.0.141

perf: before 5.10.0-239.0.0.141

kernel-tools-devel: before 5.10.0-239.0.0.141

kernel-tools-debuginfo: before 5.10.0-239.0.0.141

kernel-tools: before 5.10.0-239.0.0.141

kernel-source: before 5.10.0-239.0.0.141

kernel-headers: before 5.10.0-239.0.0.141

kernel-devel: before 5.10.0-239.0.0.141

kernel-debugsource: before 5.10.0-239.0.0.141

kernel-debuginfo: before 5.10.0-239.0.0.141

kernel: before 5.10.0-239.0.0.141

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2519


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###