openEuler 22.03 LTS SP1 update for kernel



| Updated: 2024-12-04
Risk Low
Patch available YES
Number of vulnerabilities 27
CVE-ID CVE-2024-26586
CVE-2024-26598
CVE-2024-36484
CVE-2024-36880
CVE-2024-36900
CVE-2024-36904
CVE-2024-36914
CVE-2024-36933
CVE-2024-36938
CVE-2024-38544
CVE-2024-38597
CVE-2024-39276
CVE-2024-40902
CVE-2024-40966
CVE-2024-41066
CVE-2024-41073
CVE-2024-41087
CVE-2024-41088
CVE-2024-42070
CVE-2024-42126
CVE-2024-42127
CVE-2024-42131
CVE-2024-42232
CVE-2024-42236
CVE-2024-42304
CVE-2024-42310
CVE-2024-43839
CWE-ID CWE-787
CWE-416
CWE-617
CWE-20
CWE-665
CWE-125
CWE-908
CWE-476
CWE-119
CWE-667
CWE-401
CWE-415
CWE-843
CWE-388
CWE-190
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU88935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26586

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90262

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26598

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU90850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Initialization

EUVDB-ID: #VU91547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36900

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU90269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36914

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of uninitialized resource

EUVDB-ID: #VU90862

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36933

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU90383

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36938

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU93344

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38544

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU92361

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38597

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU93320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU94296

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40902

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU94275

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40966

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU94927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41066

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Double free

EUVDB-ID: #VU95011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41073

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU94989

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41088

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Type Confusion

EUVDB-ID: #VU94923

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42070

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU94997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42126

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper error handling

EUVDB-ID: #VU95014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42127

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Integer overflow

EUVDB-ID: #VU95035

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU95502

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU96164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42304

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU96134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42310

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU96197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.90.0.171

python3-perf: before 5.10.0-136.90.0.171

perf-debuginfo: before 5.10.0-136.90.0.171

perf: before 5.10.0-136.90.0.171

kernel-tools-devel: before 5.10.0-136.90.0.171

kernel-tools-debuginfo: before 5.10.0-136.90.0.171

kernel-tools: before 5.10.0-136.90.0.171

kernel-source: before 5.10.0-136.90.0.171

kernel-headers: before 5.10.0-136.90.0.171

kernel-devel: before 5.10.0-136.90.0.171

kernel-debugsource: before 5.10.0-136.90.0.171

kernel-debuginfo: before 5.10.0-136.90.0.171

kernel: before 5.10.0-136.90.0.171

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2031


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###