openEuler 20.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 29
CVE-ID CVE-2021-47181
CVE-2021-47189
CVE-2021-47204
CVE-2021-47206
CVE-2022-48786
CVE-2022-48794
CVE-2022-48804
CVE-2022-48822
CVE-2022-48828
CVE-2022-48836
CVE-2022-48845
CVE-2022-48851
CVE-2022-48857
CVE-2023-52679
CVE-2024-22386
CVE-2024-37078
CVE-2024-38567
CVE-2024-38611
CVE-2024-38627
CVE-2024-39475
CVE-2024-39484
CVE-2024-39506
CVE-2024-40942
CVE-2024-40947
CVE-2024-40960
CVE-2024-40978
CVE-2024-40981
CVE-2024-40988
CVE-2024-40995
CWE-ID CWE-476
CWE-362
CWE-416
CWE-667
CWE-401
CWE-125
CWE-191
CWE-399
CWE-415
CWE-20
CWE-369
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

kernel-tools-devel
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU92071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47181

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU93380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47189

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU90205

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47204

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU92072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47206

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU94455

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48786

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU94406

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48794

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU94431

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48804

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU94403

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48822

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer underflow

EUVDB-ID: #VU94466

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU94447

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48836

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU94482

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48845

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the start_secondary() function in arch/mips/kernel/smp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU94414

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48851

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx_complete() function in drivers/staging/gdm724x/gdm_lte.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU94412

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48857

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Double free

EUVDB-ID: #VU90892

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52679

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Concurrent execution using shared resource with improper synchronization ('race condition')

EUVDB-ID: #VU92718

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-22386

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU93342

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37078

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU92370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38567

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU92298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38611

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Double free

EUVDB-ID: #VU93040

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38627

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Division by zero

EUVDB-ID: #VU93828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39475

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU93818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39484

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU94258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39506

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Memory leak

EUVDB-ID: #VU94207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU94218

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40947

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU94245

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU94299

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU94269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40981

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU94308

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40988

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU94267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

kernel-tools-devel: before 4.19.90-2408.1.0.0288

perf-debuginfo: before 4.19.90-2408.1.0.0288

bpftool: before 4.19.90-2408.1.0.0288

kernel-tools: before 4.19.90-2408.1.0.0288

python2-perf-debuginfo: before 4.19.90-2408.1.0.0288

python2-perf: before 4.19.90-2408.1.0.0288

perf: before 4.19.90-2408.1.0.0288

kernel-source: before 4.19.90-2408.1.0.0288

kernel-debugsource: before 4.19.90-2408.1.0.0288

python3-perf: before 4.19.90-2408.1.0.0288

kernel-devel: before 4.19.90-2408.1.0.0288

python3-perf-debuginfo: before 4.19.90-2408.1.0.0288

kernel-tools-debuginfo: before 4.19.90-2408.1.0.0288

bpftool-debuginfo: before 4.19.90-2408.1.0.0288

kernel-debuginfo: before 4.19.90-2408.1.0.0288

kernel: before 4.19.90-2408.1.0.0288

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1944


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###