openEuler 24.03 LTS update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 62
CVE-ID CVE-2023-52917
CVE-2023-52918
CVE-2024-35949
CVE-2024-35964
CVE-2024-36884
CVE-2024-42301
CVE-2024-43858
CVE-2024-43867
CVE-2024-43871
CVE-2024-44982
CVE-2024-44997
CVE-2024-46675
CVE-2024-46677
CVE-2024-46724
CVE-2024-46749
CVE-2024-46757
CVE-2024-46775
CVE-2024-46782
CVE-2024-46802
CVE-2024-46853
CVE-2024-46871
CVE-2024-47659
CVE-2024-47660
CVE-2024-47661
CVE-2024-47667
CVE-2024-47681
CVE-2024-47683
CVE-2024-47684
CVE-2024-47685
CVE-2024-47689
CVE-2024-47692
CVE-2024-47695
CVE-2024-47698
CVE-2024-47709
CVE-2024-47710
CVE-2024-47720
CVE-2024-47737
CVE-2024-47743
CVE-2024-47757
CVE-2024-49855
CVE-2024-49866
CVE-2024-49867
CVE-2024-49868
CVE-2024-49895
CVE-2024-49900
CVE-2024-49902
CVE-2024-49903
CVE-2024-49911
CVE-2024-49918
CVE-2024-49919
CVE-2024-49927
CVE-2024-49965
CVE-2024-49969
CVE-2024-49974
CVE-2024-49976
CVE-2024-49985
CVE-2024-50007
CVE-2024-50012
CVE-2024-50046
CVE-2024-50049
CVE-2024-50057
CVE-2024-50065
CWE-ID CWE-476
CWE-125
CWE-20
CWE-191
CWE-401
CWE-416
CWE-119
CWE-667
CWE-908
CWE-399
CWE-388
CWE-682
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 62 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU91391

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35949

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU93796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35964

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iso_sock_setsockopt() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU90382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36884

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvidia_smmu_context_fault() function in drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU96113

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer underflow

EUVDB-ID: #VU96301

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43867

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU96841

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mtk_wed_setup_tc_block_cb() and mtk_wed_setup_tc_block() functions in drivers/net/ethernet/mediatek/mtk_wed.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU97526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btnxpuart_close() and btnxpuart_flush() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU97568

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU97496

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46782

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU98381

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU98371

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47661

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c, within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU98978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47681

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt7996_mcu_sta_bfer_he() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU98979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47683

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the is_dsc_need_re_compute() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU99034

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47689

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_handle_critical_error() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU98991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU98972

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47743

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the find_asymmetric_key() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU98929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU98928

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU99148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49927

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU99220

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU99015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stop_kthread() and stop_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Incorrect calculation

EUVDB-ID: #VU99186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50012

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper locking

EUVDB-ID: #VU98996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50046

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU99203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU99132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50057

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tps6598x_remove() function in drivers/usb/typec/tipd/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper locking

EUVDB-ID: #VU98993

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50065

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_d_hash() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-48.0.0.53

python3-perf: before 6.6.0-48.0.0.53

perf-debuginfo: before 6.6.0-48.0.0.53

perf: before 6.6.0-48.0.0.53

kernel-tools-devel: before 6.6.0-48.0.0.53

kernel-tools-debuginfo: before 6.6.0-48.0.0.53

kernel-tools: before 6.6.0-48.0.0.53

kernel-source: before 6.6.0-48.0.0.53

kernel-headers: before 6.6.0-48.0.0.53

kernel-devel: before 6.6.0-48.0.0.53

kernel-debugsource: before 6.6.0-48.0.0.53

kernel-debuginfo: before 6.6.0-48.0.0.53

bpftool-debuginfo: before 6.6.0-48.0.0.53

bpftool: before 6.6.0-48.0.0.53

kernel: before 6.6.0-48.0.0.53

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###