openEuler 24.03 LTS update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2024-35931 CVE-2024-36923 CVE-2024-38548 CVE-2024-38567 CVE-2024-39484 CVE-2024-39506 CVE-2024-39508 CVE-2024-40915 CVE-2024-40960 CVE-2024-40963 CVE-2024-40972 CVE-2024-40980 CVE-2024-40982 CVE-2024-40995 CVE-2024-41011 |
| CWE-ID | CWE-388 CWE-908 CWE-476 CWE-20 CWE-401 CWE-416 CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Improper error handling
EUVDB-ID: #VU90943
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35931
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_pci_slot_reset() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of uninitialized resource
EUVDB-ID: #VU90864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36923
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU92349
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38548
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU93818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39484
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU94229
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39508
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the WORKER_IDLE_TIMEOUT(), io_work_get_acct(), io_worker_exit(), io_wq_dec_running(), __io_worker_busy(), io_wq_worker(), io_wq_worker_running(), io_wq_worker_sleeping(), io_init_new_worker(), init_completion() and io_wq_work_match_item() functions in io_uring/io-wq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU94222
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40915
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU94245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU94318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU94272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40972
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_set_entry(), iput(), ext4_xattr_block_set() and ext4_xattr_ibody_set() functions in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU94270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40980
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU94240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-headers:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1943
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
