openEuler 22.03 LTS SP4 update for kernel



Risk: Low

Patch available: YES

Number of vulnerabilities: 35

CVE-ID: CVE-2024-43817, CVE-2024-45018, CVE-2024-46713, CVE-2024-47745, CVE-2024-47747, CVE-2024-47749, CVE-2024-49899, CVE-2024-49929, CVE-2024-49952, CVE-2024-50045, CVE-2024-50062, CVE-2024-50085, CVE-2024-50089, CVE-2024-50141, CVE-2024-50143, CVE-2024-50179, CVE-2024-50180, CVE-2024-50192, CVE-2024-50195, CVE-2024-50202, CVE-2024-50205, CVE-2024-50229, CVE-2024-50230, CVE-2024-50241, CVE-2024-50248, CVE-2024-50262, CVE-2024-50265, CVE-2024-50269, CVE-2024-50273, CVE-2024-50289, CVE-2024-50301, CVE-2024-53052, CVE-2024-53061, CVE-2024-53066, CVE-2016-10044

CWE-ID: CWE-20, CWE-908, CWE-667, CWE-416, CWE-476, CWE-119, CWE-399, CWE-191, CWE-125, CWE-401, CWE-404, CWE-264

Exploitation vector: Local

Public exploit: N/A
Vulnerable software

Operating systems & Components / Operating system:

openEuler

Operating systems & Components / Operating system package or component:

python3-perf-debuginfo
python3-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-headers
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 35 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43817

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, and within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, and within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, and within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU99849

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU100077

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use of uninitialized resource

EUVDB-ID: #VU100084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50143

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU100130

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Integer underflow

EUVDB-ID: #VU100197

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50241

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU100205

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50248

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU100652

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU6642

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10044

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-238.0.0.137

python3-perf: before 5.10.0-238.0.0.137

perf-debuginfo: before 5.10.0-238.0.0.137

perf: before 5.10.0-238.0.0.137

kernel-tools-devel: before 5.10.0-238.0.0.137

kernel-tools-debuginfo: before 5.10.0-238.0.0.137

kernel-tools: before 5.10.0-238.0.0.137

kernel-source: before 5.10.0-238.0.0.137

kernel-headers: before 5.10.0-238.0.0.137

kernel-devel: before 5.10.0-238.0.0.137

kernel-debugsource: before 5.10.0-238.0.0.137

kernel-debuginfo: before 5.10.0-238.0.0.137

bpftool-debuginfo: before 5.10.0-238.0.0.137

bpftool: before 5.10.0-238.0.0.137

kernel: before 5.10.0-238.0.0.137

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2493


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


