openEuler 22.03 LTS SP1 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 38
CVE-ID: CVE-2022-48969
CVE-2023-52784
CVE-2023-52843
CVE-2023-52885
CVE-2024-46713
CVE-2024-47735
CVE-2024-47745
CVE-2024-47747
CVE-2024-47749
CVE-2024-49899
CVE-2024-49929
CVE-2024-49952
CVE-2024-50038
CVE-2024-50045
CVE-2024-50062
CVE-2024-50073
CVE-2024-50089
CVE-2024-50143
CVE-2024-50151
CVE-2024-50179
CVE-2024-50180
CVE-2024-50192
CVE-2024-50202
CVE-2024-50205
CVE-2024-50229
CVE-2024-50230
CVE-2024-50241
CVE-2024-50244
CVE-2024-50248
CVE-2024-50262
CVE-2024-50265
CVE-2024-50269
CVE-2024-50273
CVE-2024-50289
CVE-2024-53052
CVE-2024-53061
CVE-2024-53066
CVE-2016-10044
CWE-ID: CWE-399
CWE-388
CWE-908
CWE-416
CWE-667
CWE-20
CWE-476
CWE-119
CWE-125
CWE-191
CWE-401
CWE-404
CWE-264
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
Operating system: openEuler
Operating system packages or components: python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 38 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU99131

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48969

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper error handling

EUVDB-ID: #VU93650

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of uninitialized resource

EUVDB-ID: #VU90868

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52843

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU94326

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52885

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c, and within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, and within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, and within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU99159

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50038

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mark_mt() and mark_mt_init() functions in net/netfilter/xt_mark.c, within the sizeof() function in net/netfilter/xt_connmark.c, within the connlimit_mt_destroy() function in net/netfilter/xt_connlimit.c, within the connbytes_mt_check() function in net/netfilter/xt_connbytes.c, within the xt_cluster_mt_destroy() function in net/netfilter/xt_cluster.c, within the sizeof() function in net/netfilter/xt_addrtype.c, within the trace_tg() function in net/netfilter/xt_TRACE.c, within the offsetof() function in net/netfilter/xt_SECMARK.c, within the xt_rateest_tg_destroy() and xt_rateest_tg_init() functions in net/netfilter/xt_RATEEST.c, within the nflog_tg_destroy() function in net/netfilter/xt_NFLOG.c, within the led_tg_destroy() function in net/netfilter/xt_LED.c, within the idletimer_tg_destroy_v1() function in net/netfilter/xt_IDLETIMER.c, within the xt_ct_tg_destroy_v1() and sizeof() functions in net/netfilter/xt_CT.c, within the connsecmark_tg_destroy() function in net/netfilter/xt_CONNSECMARK.c, within the sizeof() function in net/netfilter/xt_CLASSIFY.c, and within the checksum_tg_check() function in net/netfilter/xt_CHECKSUM.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU99442

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU99849

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use of uninitialized resource

EUVDB-ID: #VU100084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50143

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU100066

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50151

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU100130

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, and within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Integer underflow

EUVDB-ID: #VU100197

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50241

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the nfsd4_copy() function in fs/nfsd/nfs4proc.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use of uninitialized resource

EUVDB-ID: #VU100195

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50244

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU100205

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50248

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU100173

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU100652

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU6642

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10044

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.103.0.184

python3-perf: before 5.10.0-136.103.0.184

perf-debuginfo: before 5.10.0-136.103.0.184

perf: before 5.10.0-136.103.0.184

kernel-tools-devel: before 5.10.0-136.103.0.184

kernel-tools-debuginfo: before 5.10.0-136.103.0.184

kernel-tools: before 5.10.0-136.103.0.184

kernel-source: before 5.10.0-136.103.0.184

kernel-headers: before 5.10.0-136.103.0.184

kernel-devel: before 5.10.0-136.103.0.184

kernel-debugsource: before 5.10.0-136.103.0.184

kernel-debuginfo: before 5.10.0-136.103.0.184

kernel: before 5.10.0-136.103.0.184

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2491


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


