openEuler 22.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 34
CVE-ID CVE-2021-47582
CVE-2023-52888
CVE-2024-39509
CVE-2024-40942
CVE-2024-40956
CVE-2024-40990
CVE-2024-41012
CVE-2024-41034
CVE-2024-41035
CVE-2024-41042
CVE-2024-41046
CVE-2024-41065
CVE-2024-41078
CVE-2024-41092
CVE-2024-42087
CVE-2024-42095
CVE-2024-42096
CVE-2024-42098
CVE-2024-42105
CVE-2024-42114
CVE-2024-42126
CVE-2024-42128
CVE-2024-42143
CVE-2024-42148
CVE-2024-42154
CVE-2024-42156
CVE-2024-42157
CVE-2024-42158
CVE-2024-42223
CVE-2024-42225
CVE-2024-42229
CVE-2024-42244
CVE-2024-42246
CVE-2024-42247
CWE-ID CWE-399
CWE-401
CWE-416
CWE-20
CWE-388
CWE-415
CWE-667
CWE-125
CWE-190
CWE-908
CWE-119
CWE-835
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 34 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU93277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47582

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU95057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52888

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the h264_enc_free_work_buf() function in drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c, within the vdec_av1_slice_free_working_buffer() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU94310

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39509

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU94207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU94216

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40956

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU94325

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40990

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU94672

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper error handling

EUVDB-ID: #VU95020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41034

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU95109

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU95003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41042

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Double free

EUVDB-ID: #VU95010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41046

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU94926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41065

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU94929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU94938

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41092

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU95066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42087

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ili9881c_prepare() and ili9881c_unprepare() functions in drivers/gpu/drm/panel/panel-ilitek-ili9881c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU95101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU94987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42096

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU95100

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU94936

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42105

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU94986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU94997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42126

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU95058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42128

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the an30259a_probe() function in drivers/leds/leds-an30259a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU94951

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42143

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the orangefs_statfs() function in fs/orangefs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU94952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42148

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU95093

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU95091

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42156

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU95090

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42157

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU95064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42158

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer overflow

EUVDB-ID: #VU95037

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42223

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use of uninitialized resource

EUVDB-ID: #VU95028

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42225

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU95078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42229

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU95510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Infinite loop

EUVDB-ID: #VU95515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42246

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU95518

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42247

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-223.0.0.122

python3-perf: before 5.10.0-223.0.0.122

perf-debuginfo: before 5.10.0-223.0.0.122

perf: before 5.10.0-223.0.0.122

kernel-tools-devel: before 5.10.0-223.0.0.122

kernel-tools-debuginfo: before 5.10.0-223.0.0.122

kernel-tools: before 5.10.0-223.0.0.122

kernel-source: before 5.10.0-223.0.0.122

kernel-headers: before 5.10.0-223.0.0.122

kernel-devel: before 5.10.0-223.0.0.122

kernel-debugsource: before 5.10.0-223.0.0.122

kernel-debuginfo: before 5.10.0-223.0.0.122

bpftool-debuginfo: before 5.10.0-223.0.0.122

bpftool: before 5.10.0-223.0.0.122

kernel: before 5.10.0-223.0.0.122

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1994


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###