openEuler 24.03 LTS update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 80
CVE-ID: CVE-2023-52920
CVE-2024-45010
CVE-2024-46698
CVE-2024-46713
CVE-2024-46765
CVE-2024-47678
CVE-2024-47707
CVE-2024-47712
CVE-2024-47745
CVE-2024-47747
CVE-2024-47749
CVE-2024-49856
CVE-2024-49885
CVE-2024-49899
CVE-2024-49914
CVE-2024-49915
CVE-2024-50024
CVE-2024-50031
CVE-2024-50038
CVE-2024-50039
CVE-2024-50045
CVE-2024-50062
CVE-2024-50085
CVE-2024-50093
CVE-2024-50098
CVE-2024-50141
CVE-2024-50143
CVE-2024-50148
CVE-2024-50154
CVE-2024-50157
CVE-2024-50162
CVE-2024-50166
CVE-2024-50169
CVE-2024-50170
CVE-2024-50171
CVE-2024-50182
CVE-2024-50191
CVE-2024-50192
CVE-2024-50195
CVE-2024-50203
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50216
CVE-2024-50217
CVE-2024-50223
CVE-2024-50230
CVE-2024-50234
CVE-2024-50236
CVE-2024-50241
CVE-2024-50248
CVE-2024-50255
CVE-2024-50258
CVE-2024-50262
CVE-2024-50265
CVE-2024-50269
CVE-2024-50271
CVE-2024-50272
CVE-2024-50273
CVE-2024-50275
CVE-2024-50276
CVE-2024-50283
CVE-2024-50284
CVE-2024-50289
CVE-2024-50294
CVE-2024-50298
CVE-2024-50299
CVE-2024-53043
CVE-2024-53046
CVE-2024-53047
CVE-2024-53052
CVE-2024-53055
CVE-2024-53061
CVE-2024-53063
CVE-2024-53066
CVE-2024-53076
CVE-2024-53083
CVE-2024-53085
CVE-2024-53089
CVE-2016-10044
CWE-ID: CWE-476
CWE-399
CWE-667
CWE-416
CWE-20
CWE-119
CWE-835
CWE-908
CWE-401
CWE-191
CWE-125
CWE-404
CWE-415
CWE-388
CWE-264
Exploitation vector: Local
Public exploit: N/A
Vulnerable software

openEuler (Operating systems & Components / Operating system)

The following are all listed under Operating systems & Components / Operating system package or component:

python3-perf-debuginfo
python3-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-headers
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 80 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU99770

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the BPF_MOV64_REG() and BPF_RAW_INSN() functions in tools/testing/selftests/bpf/verifier/precise.c, within the subprog_spill_reg_precise() function in tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, and within the copy_verifier_state(), check_reg_arg(), is_jmp_point(), bt_is_reg_set(), calls_callback(), backtrack_insn(), __mark_chain_precision(), check_stack_write_fixed_off(), check_stack_read_fixed_off(), check_atomic(), push_jmp_history() and do_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU97192

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45010

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

3) NULL pointer dereference

EUVDB-ID: #VU97263

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46698

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the aperture_remove_conflicting_devices(), EXPORT_SYMBOL() and aperture_remove_conflicting_pci_devices() functions in drivers/video/aperture.c, within the of_platform_default_populate_init() function in drivers/of/platform.c, and within the DEFINE_MUTEX(), sysfb_unregister() and sysfb_pci_dev_is_enabled() functions in drivers/firmware/sysfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

4) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

5) NULL pointer dereference

EUVDB-ID: #VU97522

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46765

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, and within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

6) Improper locking

EUVDB-ID: #VU99030

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the icmpv6_mask_allow(), icmpv6_global_allow(), icmpv6_xrlim_allow(), icmp6_send() and icmpv6_echo_reply() functions in net/ipv6/icmp.c, within the __SPIN_LOCK_UNLOCKED(), icmpv4_mask_allow(), icmpv4_global_allow(), icmpv4_xrlim_allow(), icmp_reply() and __icmp_send() functions in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

7) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

8) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

9) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

10) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

11) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

12) Improper locking

EUVDB-ID: #VU99029

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49856

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

13) Buffer overflow

EUVDB-ID: #VU99191

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49885

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the slab_update_freelist(), print_slab_info(), inc_slabs_node() and slab_free_hook() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

14) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

15) NULL pointer dereference

EUVDB-ID: #VU98933

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

16) NULL pointer dereference

EUVDB-ID: #VU98932

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49915

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn32_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492

17) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU99135

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU99159

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50038

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, and within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU99133

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50039

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU99842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50093

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU99823

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU100077

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use of uninitialized resource

EUVDB-ID: #VU100084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50143

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU100079

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50157

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the is_dbr_fifo_full() and __wait_for_fifo_occupancy_below_th() functions in drivers/infiniband/hw/bnxt_re/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU100075

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50162

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dev_map_hash_get_next_key(), dev_map_bpf_prog_run() and bq_xmit_all() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU100052

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50166

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mac_probe() and mac_remove() functions in drivers/net/ethernet/freescale/fman/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU100080

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50169

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtio_transport_read_skb() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU100055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50170

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcmasp_xmit() function in drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU100147

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU100127

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50191

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Buffer overflow

EUVDB-ID: #VU100139

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50203

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU100141

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50208

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU100148

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50209

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use of uninitialized resource

EUVDB-ID: #VU100193

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50216

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the xfs_filestream_pick_ag() function in fs/xfs/xfs_filestream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU100165

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50217

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_close_one_device() function in fs/btrfs/volumes.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU100174

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50223

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, and within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Integer underflow

EUVDB-ID: #VU100197

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50241

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU100205

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50248

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU100180

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50255

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __hci_cmd_sync_sk() and __hci_cmd_sync_status_sk() functions in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU100189

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50258

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the NLA_POLICY_MIN() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU100628

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50271

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dec_rlimit_put_ucounts() and inc_rlimit_get_ucounts() functions in kernel/ucount.c, and within the __sigqueue_alloc() function in kernel/signal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Infinite loop

EUVDB-ID: #VU100640

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50272

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the filemap_read() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU100644

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50275

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sve_init_regs() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Double free

EUVDB-ID: #VU100632

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50276

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mse102x_tx_frame_spi() function in drivers/net/ethernet/vertexcom/mse102x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU100615

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper error handling

EUVDB-ID: #VU100634

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50284

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __rpc_method() and ksmbd_session_rpc_open() functions in fs/smb/server/mgmt/user_session.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU100652

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU100630

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50294

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxrpc_connect_client_calls() and rxrpc_disconnect_client_call() functions in net/rxrpc/conn_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU100627

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50298

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the enetc_sriov_configure(), enetc_pf_probe(), free_netdev() and enetc_pf_remove() functions in drivers/net/ethernet/freescale/enetc/enetc_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU100631

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU100747

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53043

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_i2c_header_create() function in drivers/net/mctp/mctp-i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Resource management error

EUVDB-ID: #VU100743

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53046

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within arch/arm64/boot/dts/freescale/imx8ulp.dtsi. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU100719

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_init_sock() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Infinite loop

EUVDB-ID: #VU100734

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53055

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Memory leak

EUVDB-ID: #VU100702

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iio_gts_build_avail_scale_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use of uninitialized resource

EUVDB-ID: #VU100731

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53083

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the qcom_pmic_typec_pdphy_pd_transmit_payload() function in drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper locking

EUVDB-ID: #VU100726

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53085

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() and tpm_get_random() functions in drivers/char/tpm/tpm-interface.c, and within the tpm_hwrng_read() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper locking

EUVDB-ID: #VU100832

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53089

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_create() function in arch/loongarch/kvm/vcpu.c, and within the _kvm_save_timer() function in arch/loongarch/kvm/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU6642

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10044

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-57.0.0.59

python3-perf: before 6.6.0-57.0.0.59

perf-debuginfo: before 6.6.0-57.0.0.59

perf: before 6.6.0-57.0.0.59

kernel-tools-devel: before 6.6.0-57.0.0.59

kernel-tools-debuginfo: before 6.6.0-57.0.0.59

kernel-tools: before 6.6.0-57.0.0.59

kernel-source: before 6.6.0-57.0.0.59

kernel-headers: before 6.6.0-57.0.0.59

kernel-devel: before 6.6.0-57.0.0.59

kernel-debugsource: before 6.6.0-57.0.0.59

kernel-debuginfo: before 6.6.0-57.0.0.59

bpftool-debuginfo: before 6.6.0-57.0.0.59

bpftool: before 6.6.0-57.0.0.59

kernel: before 6.6.0-57.0.0.59

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2492


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


