Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU87748
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-debuginfo: before 5.10.0-189.0.0.102
kernel-debugsource: before 5.10.0-189.0.0.102
python3-perf-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-devel: before 5.10.0-189.0.0.102
kernel-devel: before 5.10.0-189.0.0.102
kernel-source: before 5.10.0-189.0.0.102
python3-perf: before 5.10.0-189.0.0.102
perf-debuginfo: before 5.10.0-189.0.0.102
perf: before 5.10.0-189.0.0.102
kernel-headers: before 5.10.0-189.0.0.102
kernel-tools: before 5.10.0-189.0.0.102
kernel: before 5.10.0-189.0.0.102
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1244
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87592
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52436
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the __f2fs_setxattr() function in fs/f2fs/xattr.c, does not empty by default the unused space in the xattr list. A local user can gain access to potentially sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-debuginfo: before 5.10.0-189.0.0.102
kernel-debugsource: before 5.10.0-189.0.0.102
python3-perf-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-devel: before 5.10.0-189.0.0.102
kernel-devel: before 5.10.0-189.0.0.102
kernel-source: before 5.10.0-189.0.0.102
python3-perf: before 5.10.0-189.0.0.102
perf-debuginfo: before 5.10.0-189.0.0.102
perf: before 5.10.0-189.0.0.102
kernel-headers: before 5.10.0-189.0.0.102
kernel-tools: before 5.10.0-189.0.0.102
kernel: before 5.10.0-189.0.0.102
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1244
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87593
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52438
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_alloc_free_page() function in drivers/android/binder_alloc.c. A local user can trigger a race condition and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-debuginfo: before 5.10.0-189.0.0.102
kernel-debugsource: before 5.10.0-189.0.0.102
python3-perf-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-devel: before 5.10.0-189.0.0.102
kernel-devel: before 5.10.0-189.0.0.102
kernel-source: before 5.10.0-189.0.0.102
python3-perf: before 5.10.0-189.0.0.102
perf-debuginfo: before 5.10.0-189.0.0.102
perf: before 5.10.0-189.0.0.102
kernel-headers: before 5.10.0-189.0.0.102
kernel-tools: before 5.10.0-189.0.0.102
kernel: before 5.10.0-189.0.0.102
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1244
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87784
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23196
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the snd_hdac_regmap_sync() function in sound/hda/hdac_regmap.c. A local user can exploit the race and crash the OS kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-debuginfo: before 5.10.0-189.0.0.102
kernel-debugsource: before 5.10.0-189.0.0.102
python3-perf-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-devel: before 5.10.0-189.0.0.102
kernel-devel: before 5.10.0-189.0.0.102
kernel-source: before 5.10.0-189.0.0.102
python3-perf: before 5.10.0-189.0.0.102
perf-debuginfo: before 5.10.0-189.0.0.102
perf: before 5.10.0-189.0.0.102
kernel-headers: before 5.10.0-189.0.0.102
kernel-tools: before 5.10.0-189.0.0.102
kernel: before 5.10.0-189.0.0.102
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1244
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87369
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26595
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the spectrum_acl_tcam() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP3
kernel-debuginfo: before 5.10.0-189.0.0.102
kernel-debugsource: before 5.10.0-189.0.0.102
python3-perf-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-debuginfo: before 5.10.0-189.0.0.102
kernel-tools-devel: before 5.10.0-189.0.0.102
kernel-devel: before 5.10.0-189.0.0.102
kernel-source: before 5.10.0-189.0.0.102
python3-perf: before 5.10.0-189.0.0.102
perf-debuginfo: before 5.10.0-189.0.0.102
perf: before 5.10.0-189.0.0.102
kernel-headers: before 5.10.0-189.0.0.102
kernel-tools: before 5.10.0-189.0.0.102
kernel: before 5.10.0-189.0.0.102
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1244
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.