openEuler 22.03 LTS SP4 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 75
CVE-ID CVE-2022-48961
CVE-2022-48975
CVE-2022-49004
CVE-2024-45021
CVE-2024-46677
CVE-2024-46809
CVE-2024-47659
CVE-2024-47660
CVE-2024-47668
CVE-2024-47673
CVE-2024-47690
CVE-2024-47691
CVE-2024-47693
CVE-2024-47696
CVE-2024-47699
CVE-2024-47701
CVE-2024-47703
CVE-2024-47705
CVE-2024-47723
CVE-2024-47726
CVE-2024-47739
CVE-2024-47742
CVE-2024-47748
CVE-2024-47756
CVE-2024-49855
CVE-2024-49858
CVE-2024-49859
CVE-2024-49860
CVE-2024-49862
CVE-2024-49877
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49884
CVE-2024-49886
CVE-2024-49889
CVE-2024-49896
CVE-2024-49913
CVE-2024-49917
CVE-2024-49922
CVE-2024-49924
CVE-2024-49933
CVE-2024-49934
CVE-2024-49936
CVE-2024-49940
CVE-2024-49950
CVE-2024-49954
CVE-2024-49955
CVE-2024-49958
CVE-2024-49973
CVE-2024-49975
CVE-2024-49978
CVE-2024-49981
CVE-2024-49992
CVE-2024-49995
CVE-2024-49996
CVE-2024-50002
CVE-2024-50007
CVE-2024-50008
CVE-2024-50015
CVE-2024-50016
CVE-2024-50028
CVE-2024-50033
CVE-2024-50035
CVE-2024-50040
CVE-2024-50047
CVE-2024-50058
CVE-2024-50059
CVE-2024-50060
CVE-2024-50063
CVE-2024-50064
CVE-2024-50067
CVE-2024-50074
CVE-2024-50083
CWE-ID CWE-399
CWE-200
CWE-665
CWE-476
CWE-388
CWE-20
CWE-667
CWE-119
CWE-416
CWE-682
CWE-125
CWE-193
CWE-401
CWE-190
CWE-908
CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 75 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU99164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU99110

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48975

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU99137

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/riscv/include/asm/pgalloc.h, arch/riscv/include/asm/efi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU98382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper error handling

EUVDB-ID: #VU99080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47690

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU98900

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Incorrect calculation

EUVDB-ID: #VU99189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47703

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU99198

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47726

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_setattr() and f2fs_fallocate() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU99021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU98889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU99230

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49859

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_defragment_range(), f2fs_move_file_range() and f2fs_ioc_set_pin_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Off-by-one

EUVDB-ID: #VU99088

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49862

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU98903

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49886

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU98868

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49889

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU98872

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU98956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49940

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pppol2tp_session_setsockopt() function in net/l2tp/l2tp_ppp.c, within the l2tp_nl_cmd_session_modify() function in net/l2tp/l2tp_netlink.c, within the l2tp_v3_session_get(), l2tp_session_register(), l2tp_recv_common(), EXPORT_SYMBOL_GPL(), l2tp_session_set_header_len() and l2tp_session_create() functions in net/l2tp/l2tp_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU98948

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49978

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU98883

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49992

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ltdc_crtc_atomic_print_state(), ltdc_plane_atomic_print_state(), ltdc_plane_create(), ltdc_crtc_init(), ltdc_encoder_init(), ltdc_load() and ltdc_unload() functions in drivers/gpu/drm/stm/ltdc.c, within the drv_load() function in drivers/gpu/drm/stm/drv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Integer overflow

EUVDB-ID: #VU99090

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50016

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Incorrect calculation

EUVDB-ID: #VU99184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50028

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper error handling

EUVDB-ID: #VU99062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50040

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU98995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU99205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU98994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50060

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU99190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Information disclosure

EUVDB-ID: #VU99117

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50064

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU99434

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Resource management error

EUVDB-ID: #VU99458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50083

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-235.0.0.134

python3-perf: before 5.10.0-235.0.0.134

perf-debuginfo: before 5.10.0-235.0.0.134

perf: before 5.10.0-235.0.0.134

kernel-tools-devel: before 5.10.0-235.0.0.134

kernel-tools-debuginfo: before 5.10.0-235.0.0.134

kernel-tools: before 5.10.0-235.0.0.134

kernel-source: before 5.10.0-235.0.0.134

kernel-headers: before 5.10.0-235.0.0.134

kernel-devel: before 5.10.0-235.0.0.134

kernel-debugsource: before 5.10.0-235.0.0.134

kernel-debuginfo: before 5.10.0-235.0.0.134

bpftool-debuginfo: before 5.10.0-235.0.0.134

bpftool: before 5.10.0-235.0.0.134

kernel: before 5.10.0-235.0.0.134

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2368


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###