openEuler 20.03 LTS SP4 update for kernel

Published: 2024-07-21

Risk	Medium
Patch available	YES
Number of vulnerabilities	13
CVE-ID	CVE-2021-47296 CVE-2021-47311 CVE-2021-47391 CVE-2021-47598 CVE-2022-48732 CVE-2022-48757 CVE-2022-48760 CVE-2024-38558 CVE-2024-38632 CVE-2024-39480 CVE-2024-39487 CVE-2024-39488 CVE-2024-39489
CWE-ID	CWE-401 CWE-416 CWE-193 CWE-119 CWE-20 CWE-125 CWE-388
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU91630

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47296

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kvm_arch_vcpu_ioctl() function in arch/powerpc/kvm/powerpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90103

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47311

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the emac_remove() function in drivers/net/ethernet/qualcomm/emac/emac.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU90141

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47391

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cma_cancel_operation() and rdma_resolve_addr() functions in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU92302

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47598

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cake_init() function in net/sched/sch_cake.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Off-by-one

EUVDB-ID: #VU92927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48732

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU92886

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48757

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fanout_add() and packet_create() functions in net/packet/af_packet.c, within the ptype_seq_show() function in net/core/net-procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU92976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48760

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU94117

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU93020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38632

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU93827

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39480

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper error handling

EUVDB-ID: #VU94087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39488

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU94084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39489

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2407.4.0.0286

python3-perf: before 4.19.90-2407.4.0.0286

python2-perf-debuginfo: before 4.19.90-2407.4.0.0286

python2-perf: before 4.19.90-2407.4.0.0286

perf-debuginfo: before 4.19.90-2407.4.0.0286

perf: before 4.19.90-2407.4.0.0286

kernel-tools-devel: before 4.19.90-2407.4.0.0286

kernel-tools-debuginfo: before 4.19.90-2407.4.0.0286

kernel-tools: before 4.19.90-2407.4.0.0286

kernel-source: before 4.19.90-2407.4.0.0286

kernel-devel: before 4.19.90-2407.4.0.0286

kernel-debugsource: before 4.19.90-2407.4.0.0286

kernel-debuginfo: before 4.19.90-2407.4.0.0286

bpftool-debuginfo: before 4.19.90-2407.4.0.0286

bpftool: before 4.19.90-2407.4.0.0286

kernel: before 4.19.90-2407.4.0.0286

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.