openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2024-46685
CVE-2024-46702
CVE-2024-46815
CVE-2024-47679
CVE-2024-47726
CVE-2024-49859
CVE-2024-49878
CVE-2024-49896
CVE-2024-49948
CVE-2024-49949
CVE-2024-49960
CVE-2024-49967
CVE-2024-49983
CVE-2024-50002
CVE-2024-50006
CVE-2024-50013
CVE-2024-50014
CVE-2024-50082
CVE-2024-50095
CVE-2024-50131
CVE-2024-50133
CVE-2024-50142
CVE-2024-50154
CWE-ID CWE-476
CWE-667
CWE-20
CWE-399
CWE-416
CWE-401
CWE-388
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU97259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46685

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU97264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46702

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU99198

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47726

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_setattr() and f2fs_fallocate() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU99230

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49859

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_defragment_range(), f2fs_move_file_range() and f2fs_ioc_set_pin_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU99169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49878

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU99042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU98877

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU98880

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU98850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50013

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU99010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU99828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50095

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper error handling

EUVDB-ID: #VU99833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50131

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU99822

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50133

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stack_top() function in arch/loongarch/kernel/process.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU100081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.101.0.182

python3-perf: before 5.10.0-136.101.0.182

perf-debuginfo: before 5.10.0-136.101.0.182

perf: before 5.10.0-136.101.0.182

kernel-tools-devel: before 5.10.0-136.101.0.182

kernel-tools-debuginfo: before 5.10.0-136.101.0.182

kernel-tools: before 5.10.0-136.101.0.182

kernel-source: before 5.10.0-136.101.0.182

kernel-headers: before 5.10.0-136.101.0.182

kernel-devel: before 5.10.0-136.101.0.182

kernel-debugsource: before 5.10.0-136.101.0.182

kernel-debuginfo: before 5.10.0-136.101.0.182

kernel: before 5.10.0-136.101.0.182

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2426


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###