openEuler 24.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 53
CVE-ID CVE-2022-49034
CVE-2024-49906
CVE-2024-53114
CVE-2024-53126
CVE-2024-53127
CVE-2024-53134
CVE-2024-53136
CVE-2024-53146
CVE-2024-53147
CVE-2024-53151
CVE-2024-53154
CVE-2024-53161
CVE-2024-53163
CVE-2024-53165
CVE-2024-53170
CVE-2024-53173
CVE-2024-53186
CVE-2024-53197
CVE-2024-53202
CVE-2024-53217
CVE-2024-53221
CVE-2024-53227
CVE-2024-53230
CVE-2024-56538
CVE-2024-56548
CVE-2024-56569
CVE-2024-56575
CVE-2024-56578
CVE-2024-56581
CVE-2024-56584
CVE-2024-56598
CVE-2024-56604
CVE-2024-56608
CVE-2024-56615
CVE-2024-56620
CVE-2024-56624
CVE-2024-56627
CVE-2024-56629
CVE-2024-56630
CVE-2024-56665
CVE-2024-56675
CVE-2024-56681
CVE-2024-56683
CVE-2024-56692
CVE-2024-56693
CVE-2024-56700
CVE-2024-56702
CVE-2024-56708
CVE-2024-56709
CVE-2024-56741
CVE-2024-56744
CVE-2024-56748
CVE-2024-56752
CWE-ID CWE-399
CWE-476
CWE-20
CWE-119
CWE-667
CWE-190
CWE-125
CWE-193
CWE-416
CWE-401
CWE-388
Exploitation vector Local
Public exploit N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 53 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU102247

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49034

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the show_cpuinfo() function in arch/sh/kernel/cpu/proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU98940

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49906

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU101122

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53114

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU101235

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53126

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the psnet_open_pf_bar() function in drivers/vdpa/solidrun/snet_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU101231

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53127

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dw_mci_init_slot() function in drivers/mmc/host/dw_mmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU101236

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53134

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imx93_blk_ctrl_remove() function in drivers/pmdomain/imx/imx93-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU101229

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53136

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU101921

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53146

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU101909

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53147

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU101922

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53151

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the xdr_check_write_chunk() function in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU101913

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53154

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the applnco_probe() function in drivers/clk/clk-apple-nco.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer overflow

EUVDB-ID: #VU101923

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53161

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Off-by-one

EUVDB-ID: #VU101919

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53163

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the uof_get_name() function in drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU102062

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53165

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU102060

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53170

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the del_gendisk() function in block/genhd.c, within the blk_register_queue() function in block/blk-sysfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU102058

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53173

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU102050

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53186

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU102090

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53197

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU102005

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53202

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fw_log_firmware_info() function in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU102133

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53217

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfsd4_process_cb_update() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU102131

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53221

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_f2fs_fs(), f2fs_destroy_post_read_processing() and exit_f2fs_fs() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU102067

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53227

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU102143

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53230

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cppc_get_cpu_cost() function in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU102071

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56538

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zynqmp_dpsub_drm_cleanup() function in drivers/gpu/drm/xlnx/zynqmp_kms.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU102075

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56548

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU102126

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56569

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU102124

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56575

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU102206

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56578

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mxc_jpeg_probe() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU102044

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56581

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU102038

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56584

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_init_wq_offload() function in io_uring/tctx.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU102085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU102019

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56604

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU102076

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56608

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn21_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU102083

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56615

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU102112

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56620

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ufs_qcom_probe() function in drivers/ufs/host/ufs-qcom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory leak

EUVDB-ID: #VU101994

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56624

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the put_unused_fd() function in drivers/iommu/iommufd/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU102080

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56627

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU102114

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56629

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper error handling

EUVDB-ID: #VU102203

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56630

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU102188

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perf_event_detach_bpf_prog() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU102036

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56675

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf_event_detach_bpf_prog() function in kernel/trace/bpf_trace.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper error handling

EUVDB-ID: #VU102198

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56681

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ahash_hmac_setkey() and ahash_hmac_init() functions in drivers/crypto/bcm/cipher.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU102276

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56683

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_hdmi_debugfs_regs() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU102184

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56692

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the truncate_node() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU102013

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56693

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __setup(), brd_alloc(), brd_cleanup() and brd_init() functions in drivers/block/brd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU102102

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56700

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU102103

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56702

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the SEC() function in tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c, within the reg_btf_record(), check_ptr_to_btf_access(), check_mem_access(), check_func_arg(), btf_check_func_arg_match(), check_kfunc_args(), sanitize_check_bounds(), adjust_ptr_min_max_vals() and convert_ctx_accesses() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Buffer overflow

EUVDB-ID: #VU102237

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56708

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igen6_register_mci() and igen6_unregister_mcis() functions in drivers/edac/igen6_edac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU102155

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56709

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_queue_iowq() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory leak

EUVDB-ID: #VU101984

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56741

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the policy_unpack_test_unpack_strdup_with_null_name(), policy_unpack_test_unpack_strdup_with_name() and policy_unpack_test_unpack_strdup_out_of_bounds() functions in security/apparmor/policy_unpack_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper locking

EUVDB-ID: #VU102153

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56744

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the system_going_down() and f2fs_handle_critical_error() functions in fs/f2fs/super.c, within the f2fs_stop_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Memory leak

EUVDB-ID: #VU101979

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56748

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Resource management error

EUVDB-ID: #VU102241

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-56752

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gf100_gr_chan_new() function in drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-73.0.0.77

python3-perf: before 6.6.0-73.0.0.77

perf-debuginfo: before 6.6.0-73.0.0.77

perf: before 6.6.0-73.0.0.77

kernel-tools-devel: before 6.6.0-73.0.0.77

kernel-tools-debuginfo: before 6.6.0-73.0.0.77

kernel-tools: before 6.6.0-73.0.0.77

kernel-source: before 6.6.0-73.0.0.77

kernel-headers: before 6.6.0-73.0.0.77

kernel-devel: before 6.6.0-73.0.0.77

kernel-debugsource: before 6.6.0-73.0.0.77

kernel-debuginfo: before 6.6.0-73.0.0.77

bpftool-debuginfo: before 6.6.0-73.0.0.77

bpftool: before 6.6.0-73.0.0.77

kernel: before 6.6.0-73.0.0.77

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1032


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###