openEuler 22.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 72
CVE-ID CVE-2021-47382
CVE-2022-48893
CVE-2024-35825
CVE-2024-35969
CVE-2024-36005
CVE-2024-36031
CVE-2024-36270
CVE-2024-36880
CVE-2024-36915
CVE-2024-36934
CVE-2024-36946
CVE-2024-38546
CVE-2024-38560
CVE-2024-38611
CVE-2024-38613
CVE-2024-38659
CVE-2024-39292
CVE-2024-39494
CVE-2024-40932
CVE-2024-40988
CVE-2024-41019
CVE-2024-41040
CVE-2024-41041
CVE-2024-41048
CVE-2024-41049
CVE-2024-41063
CVE-2024-41069
CVE-2024-41080
CVE-2024-41090
CVE-2024-41091
CVE-2024-42067
CVE-2024-42086
CVE-2024-42097
CVE-2024-42115
CVE-2024-42129
CVE-2024-42228
CVE-2024-42283
CVE-2024-42290
CVE-2024-42306
CVE-2024-42309
CVE-2024-42313
CVE-2024-42322
CVE-2024-43823
CVE-2024-43830
CVE-2024-43840
CVE-2024-43855
CVE-2024-43872
CVE-2024-43892
CVE-2024-43893
CVE-2024-44940
CVE-2024-44954
CVE-2024-44998
CVE-2024-45006
CVE-2024-45026
CVE-2024-46676
CVE-2024-46719
CVE-2024-46754
CVE-2024-46770
CVE-2024-46795
CVE-2024-46819
CVE-2024-46826
CVE-2024-46828
CVE-2024-46840
CVE-2024-46848
CVE-2024-46854
CVE-2024-46855
CVE-2024-46858
CVE-2024-47658
CVE-2024-47664
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CWE-ID CWE-667
CWE-401
CWE-119
CWE-416
CWE-399
CWE-20
CWE-476
CWE-125
CWE-682
CWE-908
CWE-415
CWE-362
CWE-369
CWE-835
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 72 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU90741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47382

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qeth_do_reset() function in drivers/s390/net/qeth_core_main.c, within the EXPORT_SYMBOL(), ccwgroup_set_offline() and ccwgroup_online_store() functions in drivers/s390/cio/ccwgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU96320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the intel_engines_init() function in drivers/gpu/drm/i915/gt/intel_engine_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU93241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35825

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU94121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU93028

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU90850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU90268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36915

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU90266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36934

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU93469

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU92351

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38546

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU92298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38611

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU92359

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38613

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU93080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38659

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU93178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39292

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the register_winch_irq() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU94308

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40988

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU94839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41019

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU94949

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41040

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU95069

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41041

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU94943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41069

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU94990

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Incorrect calculation

EUVDB-ID: #VU95077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42067

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU95041

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42086

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU95001

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU94932

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource management error

EUVDB-ID: #VU95059

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42129

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use of uninitialized resource

EUVDB-ID: #VU95029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42228

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Memory leak

EUVDB-ID: #VU96195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42283

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU96181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42290

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer overflow

EUVDB-ID: #VU96184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42306

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU96135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42309

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU96109

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42313

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Resource management error

EUVDB-ID: #VU96189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU96127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43823

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_setup_rc_app_regs() and ks_pcie_host_init() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Double free

EUVDB-ID: #VU96162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43830

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource management error

EUVDB-ID: #VU96178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43840

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU96147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43855

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper locking

EUVDB-ID: #VU96294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43872

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the next_ceqe_sw_v2(), hns_roce_v2_msix_interrupt_eq(), hns_roce_ceq_work(), __hns_roce_request_irq() and __hns_roce_free_irq() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU96553

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44940

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU97566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU97516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46795

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU97783

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU98369

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47658

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Division by zero

EUVDB-ID: #VU98373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47664

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-232.0.0.131

python3-perf: before 5.10.0-232.0.0.131

perf-debuginfo: before 5.10.0-232.0.0.131

perf: before 5.10.0-232.0.0.131

kernel-tools-devel: before 5.10.0-232.0.0.131

kernel-tools-debuginfo: before 5.10.0-232.0.0.131

kernel-tools: before 5.10.0-232.0.0.131

kernel-source: before 5.10.0-232.0.0.131

kernel-headers: before 5.10.0-232.0.0.131

kernel-devel: before 5.10.0-232.0.0.131

kernel-debugsource: before 5.10.0-232.0.0.131

kernel-debuginfo: before 5.10.0-232.0.0.131

bpftool-debuginfo: before 5.10.0-232.0.0.131

bpftool: before 5.10.0-232.0.0.131

kernel: before 5.10.0-232.0.0.131

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2258


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###