openEuler 22.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 60
CVE-ID CVE-2022-49002
CVE-2022-49034
CVE-2022-49035
CVE-2024-47730
CVE-2024-49856
CVE-2024-49907
CVE-2024-50001
CVE-2024-50188
CVE-2024-50233
CVE-2024-50264
CVE-2024-50287
CVE-2024-53147
CVE-2024-53155
CVE-2024-53158
CVE-2024-53161
CVE-2024-53165
CVE-2024-53171
CVE-2024-53185
CVE-2024-53187
CVE-2024-53194
CVE-2024-53197
CVE-2024-53219
CVE-2024-53221
CVE-2024-53224
CVE-2024-53227
CVE-2024-53239
CVE-2024-56538
CVE-2024-56548
CVE-2024-56562
CVE-2024-56567
CVE-2024-56569
CVE-2024-56570
CVE-2024-56581
CVE-2024-56583
CVE-2024-56584
CVE-2024-56586
CVE-2024-56594
CVE-2024-56596
CVE-2024-56598
CVE-2024-56604
CVE-2024-56605
CVE-2024-56608
CVE-2024-56615
CVE-2024-56619
CVE-2024-56627
CVE-2024-56629
CVE-2024-56630
CVE-2024-56672
CVE-2024-56681
CVE-2024-56686
CVE-2024-56691
CVE-2024-56692
CVE-2024-56700
CVE-2024-56709
CVE-2024-56722
CVE-2024-56739
CVE-2024-56747
CVE-2024-56748
CVE-2024-56756
CVE-2024-56763
CWE-ID CWE-388
CWE-399
CWE-20
CWE-667
CWE-476
CWE-119
CWE-369
CWE-416
CWE-125
CWE-908
CWE-191
CWE-190
CWE-362
CWE-401
Exploitation vector Local
Public exploit N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 60 vulnerabilities.

1) Improper error handling

EUVDB-ID: #VU99066

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49002

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU102247

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49034

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the show_cpuinfo() function in arch/sh/kernel/cpu/proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU102285

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the s5p_cec_irq_handler() function in drivers/media/cec/platform/s5p/s5p_cec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU99227

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU99029

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49856

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU100138

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU101909

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53147

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use of uninitialized resource

EUVDB-ID: #VU101917

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53155

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ocfs2_file_write_iter() and ocfs2_file_read_iter() functions in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer underflow

EUVDB-ID: #VU101924

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53158

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the geni_se_clk_tbl_get() function in drivers/soc/qcom/qcom-geni-se.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU101923

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53161

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU102062

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53165

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU102059

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53171

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU102051

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53185

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU102214

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53187

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the io_pin_pages() function in io_uring/memmap.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU102049

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53194

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU102090

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53197

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU102132

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53219

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c, within the fuse_read_args_fill(), fuse_release_user_pages(), fuse_aio_complete_req(), fuse_get_frag_size(), fuse_get_user_pages() and fuse_direct_io() functions in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU102131

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53221

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_f2fs_fs(), f2fs_destroy_post_read_processing() and exit_f2fs_fs() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU102141

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53224

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_ib_dev_res_init(), mlx5_ib_stage_delay_drop_cleanup(), mlx5_ib_stage_dev_notifier_init() and STAGE_CREATE() functions in drivers/infiniband/hw/mlx5/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU102067

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53227

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU102070

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU102071

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56538

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zynqmp_dpsub_drm_cleanup() function in drivers/gpu/drm/xlnx/zynqmp_kms.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU102075

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56548

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU102279

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56562

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Division by zero

EUVDB-ID: #VU102216

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56567

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU102126

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56569

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU102280

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56570

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU102044

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56581

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU102243

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56583

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the enqueue_dl_entity() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU102038

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56584

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_init_wq_offload() function in io_uring/tctx.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper error handling

EUVDB-ID: #VU102204

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56586

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU102160

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56594

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU102087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56596

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU102085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU102019

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56604

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU102020

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56605

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU102076

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56608

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn21_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU102083

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56615

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU102022

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56619

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU102080

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56627

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU102114

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56629

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper error handling

EUVDB-ID: #VU102203

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56630

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU102035

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56672

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the blkcg_unpin_online() function in block/blk-cgroup.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper error handling

EUVDB-ID: #VU102198

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56681

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ahash_hmac_setkey() and ahash_hmac_init() functions in drivers/crypto/bcm/cipher.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Race condition

EUVDB-ID: #VU102218

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56686

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MODULE_ALIAS(), __ext4_read_bh(), ext4_read_bh_nowait(), ext4_read_bh(), ext4_read_bh_lock() and ext4_sb_breadahead_unmovable() functions in fs/ext4/super.c, within the ext4_get_bitmap() function in fs/ext4/resize.c, within the mext_page_mkuptodate() function in fs/ext4/move_extent.c, within the read_mmp_block() function in fs/ext4/mmp.c, within the trace_ext4_load_inode() function in fs/ext4/inode.c, within the ext4_get_branch() function in fs/ext4/indirect.c, within the ext4_read_inode_bitmap() function in fs/ext4/ialloc.c, within the __read_extent_tree_block() function in fs/ext4/extents.c, within the ext4_read_block_bitmap_nowait() and ext4_wait_block_bitmap() functions in fs/ext4/balloc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU102226

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56691

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the wcove_typec_probe() function in drivers/usb/typec/tcpm/wcove.c, within the ARRAY_SIZE(), bxtwc_add_chained_irq_chip() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU102184

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56692

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the truncate_node() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU102102

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56700

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU102155

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56709

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_queue_iowq() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU102268

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56722

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the free_srqc() function in drivers/infiniband/hw/hns/hns_roce_srq.c, within the hns_roce_mr_free() function in drivers/infiniband/hw/hns/hns_roce_mr.c, within the set_rwqe_data_seg(), free_mr_modify_rsv_qp(), free_mr_post_send_lp_wqe(), free_mr_send_cmd_to_hw(), hns_roce_v2_set_abs_fields(), hns_roce_v2_modify_qp(), hns_roce_v2_query_qp(), hns_roce_v2_destroy_qp_common(), hns_roce_v2_destroy_qp(), hns_roce_v2_modify_cq() and hns_roce_v2_query_cqc() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c, within the hns_roce_table_put() function in drivers/infiniband/hw/hns/hns_roce_hem.c, within the free_cqc() function in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper locking

EUVDB-ID: #VU102154

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtc_timer_do_work() function in drivers/rtc/interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Memory leak

EUVDB-ID: #VU101980

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56747

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Memory leak

EUVDB-ID: #VU101979

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56748

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU102008

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56756

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU102404

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56763

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tracing_cpumask_write() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

python3-perf-debuginfo: before 5.10.0-136.108.0.188

python3-perf: before 5.10.0-136.108.0.188

perf-debuginfo: before 5.10.0-136.108.0.188

perf: before 5.10.0-136.108.0.188

kernel-tools-devel: before 5.10.0-136.108.0.188

kernel-tools-debuginfo: before 5.10.0-136.108.0.188

kernel-tools: before 5.10.0-136.108.0.188

kernel-source: before 5.10.0-136.108.0.188

kernel-headers: before 5.10.0-136.108.0.188

kernel-devel: before 5.10.0-136.108.0.188

kernel-debugsource: before 5.10.0-136.108.0.188

kernel-debuginfo: before 5.10.0-136.108.0.188

kernel: before 5.10.0-136.108.0.188

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1035


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###