openEuler 24.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 32
CVE-ID CVE-2024-43098
CVE-2024-47141
CVE-2024-47408
CVE-2024-48873
CVE-2024-49568
CVE-2024-49571
CVE-2024-50051
CVE-2024-52332
CVE-2024-53056
CVE-2024-53096
CVE-2024-53105
CVE-2024-53208
CVE-2024-53222
CVE-2024-53690
CVE-2024-56369
CVE-2024-56610
CVE-2024-56617
CVE-2024-56698
CVE-2024-56715
CVE-2024-57791
CVE-2024-57841
CVE-2024-57882
CVE-2024-57888
CVE-2024-57916
CVE-2024-57925
CVE-2024-57932
CVE-2024-57933
CVE-2024-57939
CVE-2024-57940
CVE-2024-57947
CVE-2025-21645
CVE-2025-21684
CWE-ID CWE-667
CWE-476
CWE-20
CWE-416
CWE-399
CWE-401
CWE-415
CWE-191
CWE-369
CWE-119
CWE-835
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 32 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU102941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i3c_device_uevent() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU102924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47141

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pr_fmt(), pinmux_can_be_used_for_gpio(), pin_request(), pin_free(), pinmux_enable_setting(), pinmux_disable_setting() and pinmux_pins_show() functions in drivers/pinctrl/pinmux.c, within the pinctrl_register_one_pin() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU102950

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47408

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smc_find_ism_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU102926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48873

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rtw89_update_6ghz_rnr_chan() function in drivers/net/wireless/realtek/rtw89/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU102951

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49568

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_find_rdma_v2_device_serv() function in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU102952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49571

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smc_clc_msg_prop_valid() function in net/smc/smc_clc.c, within the smc_listen_prfx_check() and smc_find_ism_v1_device_serv() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU102917

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50051

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mpc52xx_spi_remove() function in drivers/spi/spi-mpc52xx.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU102974

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52332

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the igb_init_module() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU100711

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53056

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_crtc_destroy() function in drivers/gpu/drm/mediatek/mtk_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU100936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53096

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the do_munmap(), mmap_region(), vma_set_page_prot() and vms_abort_munmap_vmas() functions in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Double free

EUVDB-ID: #VU101108

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53105

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the __page_cache_release() function in mm/swap.c, within the free_pages_prepare() function in mm/page_alloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU102063

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53208

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mgmt_set_powered_complete() function in net/bluetooth/mgmt.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU102129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53222

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the zram_add() function in drivers/block/zram/zram_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer underflow

EUVDB-ID: #VU102965

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53690

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nilfs_lookup() function in fs/nilfs2/namei.c, within the nilfs_iget() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Division by zero

EUVDB-ID: #VU102970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56369

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the EXPORT_SYMBOL() and drm_mode_vrefresh() functions in drivers/gpu/drm/drm_modes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU102164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56610

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), kcsan_skip_report_debugfs(), set_report_filterlist_whitelist(), insert_report_filterlist() and show_info() functions in kernel/kcsan/debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU102111

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56617

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the last_level_cache_is_valid(), populate_cache_leaves() and init_level_allocate_ci() functions in drivers/base/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU102101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56698

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_prepare_trbs_sg() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU101986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56715

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ionic_lif_register() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU102990

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57791

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smc_clc_wait_msg() function in net/smc/smc_clc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU102892

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57841

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU102921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57882

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mptcp_established_options_add_addr() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU102977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57888

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the workqueue_softirq_dead(), __flush_workqueue() and start_flush_work() functions in kernel/workqueue.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU103044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57916

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU103019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57925

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_send_interim_resp() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU103123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57932

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gve_xdp_xmit() function in drivers/net/ethernet/google/gve/gve_tx.c, within the gve_turndown() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU103124

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57933

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gve_xsk_pool_enable(), gve_xsk_pool_disable() and gve_xsk_wakeup() functions in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU103126

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK() and die() functions in arch/riscv/kernel/traps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Infinite loop

EUVDB-ID: #VU103134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57940

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the exfat_readdir() function in fs/exfat/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Memory leak

EUVDB-ID: #VU103269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU103045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21645

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amd_pmc_suspend_handler() function in drivers/platform/x86/amd/pmc/pmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU103749

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21684

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-77.0.0.81

python3-perf: before 6.6.0-77.0.0.81

perf-debuginfo: before 6.6.0-77.0.0.81

perf: before 6.6.0-77.0.0.81

kernel-tools-devel: before 6.6.0-77.0.0.81

kernel-tools-debuginfo: before 6.6.0-77.0.0.81

kernel-tools: before 6.6.0-77.0.0.81

kernel-source: before 6.6.0-77.0.0.81

kernel-headers: before 6.6.0-77.0.0.81

kernel-devel: before 6.6.0-77.0.0.81

kernel-debugsource: before 6.6.0-77.0.0.81

kernel-debuginfo: before 6.6.0-77.0.0.81

bpftool-debuginfo: before 6.6.0-77.0.0.81

bpftool: before 6.6.0-77.0.0.81

kernel: before 6.6.0-77.0.0.81

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1111


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###