openEuler 20.03 LTS SP1 update for kernel



Risk Medium
Patch available YES
Number of vulnerabilities 33
CVE-ID CVE-2020-36777
CVE-2020-36780
CVE-2020-36784
CVE-2021-46904
CVE-2021-46924
CVE-2021-46926
CVE-2021-46928
CVE-2021-46934
CVE-2021-46935
CVE-2021-46952
CVE-2021-46989
CVE-2021-47086
CVE-2021-47112
CVE-2021-47113
CVE-2021-47114
CVE-2021-47122
CVE-2023-52443
CVE-2023-52469
CVE-2023-52476
CVE-2023-52502
CVE-2023-52509
CVE-2023-52599
CVE-2023-52600
CVE-2023-52601
CVE-2023-52602
CVE-2023-52603
CVE-2024-23307
CVE-2024-24855
CVE-2024-26597
CVE-2024-26600
CVE-2024-26606
CVE-2024-26622
CVE-2024-26625
CWE-ID CWE-401
CWE-476
CWE-399
CWE-755
CWE-754
CWE-668
CWE-125
CWE-833
CWE-371
CWE-119
CWE-416
CWE-362
CWE-129
CWE-190
Exploitation vector Network
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

kernel-devel
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 33 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU87987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36777

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dvb_media_device_free() function in drivers/media/dvb-core/dvbdev.c. A local user can crash the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU89266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36780

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due reference leak when pm_runtime_get_sync fails within the sprd_i2c_master_xfer() and sprd_i2c_remove() function in drivers/i2c/busses/i2c-sprd.c. A local user can perform denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU88216

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36784

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due a reference leak in drivers/i2c/busses/i2c-cadence.c. A local user can perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU87990

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error during tty device unregistration
 within the get_free_serial_index() function in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU88212

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46924

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in drivers/nfc/st21nfca/i2c.c. A local user can perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU89253

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46926

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the sdw_intel_acpi_cb() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper handling of exceptional conditions

EUVDB-ID: #VU89265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46928

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of errors within the handle_interruption() function in arch/parisc/kernel/traps.c. A local user can send specially crafted input and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU89264

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46934

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to produce warnings from the userspace.

The vulnerability exists due to improper error handling within the compat_i2cdev_ioctl() function in drivers/i2c/i2c-dev.c. A local user can pass specially crafted data to the driver and influence its behavior.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU89263

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46935

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the binder_free_buf_locked() function in drivers/android/binder_alloc.c. A local user can gain access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU89262

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-46952

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the nfs23_parse_monolithic() function in fs/nfs/fs_context.c when handling UDP retrans. A remote attacker can trigger an out-of-bounds read error and gain access to sensitive information or perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Deadlock

EUVDB-ID: #VU89261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46989

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to deadlock within the inhfsplus_file_truncate() function in fs/hfsplus/extents.c. A local user can crash the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) State Issues

EUVDB-ID: #VU89260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47086

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU89259

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47112

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Teardown PV features implementation in arch/x86/kernel/kvm.c. A local user can trigger memory corruption and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU89258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47113

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the btrfs_rename_exchange() function in fs/btrfs/inode.c. A local user can corrupt the filesystem and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU89257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47114

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU89256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47122

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the caif_device_notify() function in net/caif/caif_dev.c. A local user can perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU89245

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52443

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU89235

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52469

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU88821

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52476

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Race condition

EUVDB-ID: #VU88106

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52502

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() functions in net/nfc/llcp_core.c. A local user can exploit the race and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU89255

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52509

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user can escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU88105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52599

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU88104

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/jfs/jfs_mount.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU88103

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52601

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU89254

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52602

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper validation of array index

EUVDB-ID: #VU88885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52603

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Integer overflow

EUVDB-ID: #VU88102

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-23307

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Race condition

EUVDB-ID: #VU87602

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-24855

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU87682

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26597

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c when parsing the netlink attributes. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU89249

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26600

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU89247

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26606

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU87193

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26622

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tomoyo_write_control() function. A local  user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-devel: before 4.19.90-2404.1.0.0245

perf-debuginfo: before 4.19.90-2404.1.0.0245

perf: before 4.19.90-2404.1.0.0245

python2-perf: before 4.19.90-2404.1.0.0245

kernel-source: before 4.19.90-2404.1.0.0245

python3-perf-debuginfo: before 4.19.90-2404.1.0.0245

python3-perf: before 4.19.90-2404.1.0.0245

kernel-tools-debuginfo: before 4.19.90-2404.1.0.0245

kernel-tools: before 4.19.90-2404.1.0.0245

kernel-tools-devel: before 4.19.90-2404.1.0.0245

python2-perf-debuginfo: before 4.19.90-2404.1.0.0245

kernel-debugsource: before 4.19.90-2404.1.0.0245

kernel-debuginfo: before 4.19.90-2404.1.0.0245

bpftool-debuginfo: before 4.19.90-2404.1.0.0245

bpftool: before 4.19.90-2404.1.0.0245

kernel: before 4.19.90-2404.1.0.0245

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1392


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###