Anolis OS update for kernel



Risk High
Patch available YES
Number of vulnerabilities 50
CVE-ID CVE-2023-52478
CVE-2023-52628
CVE-2024-36883
CVE-2024-36886
CVE-2024-36889
CVE-2024-36898
CVE-2024-38544
CVE-2024-38564
CVE-2024-38579
CVE-2024-38583
CVE-2024-38588
CVE-2024-39487
CVE-2024-41012
CVE-2024-41014
CVE-2024-41040
CVE-2024-41087
CVE-2024-41090
CVE-2024-41091
CVE-2024-42232
CVE-2024-42265
CVE-2024-42280
CVE-2024-42285
CVE-2024-42286
CVE-2024-42288
CVE-2024-42289
CVE-2024-42292
CVE-2024-43861
CVE-2024-43871
CVE-2024-43882
CVE-2024-44931
CVE-2024-44958
CVE-2024-44987
CVE-2024-45003
CVE-2024-45018
CVE-2024-45025
CVE-2024-46673
CVE-2024-46695
CVE-2024-46715
CVE-2024-46722
CVE-2024-46723
CVE-2024-46737
CVE-2024-46738
CVE-2024-46739
CVE-2024-46744
CVE-2024-46755
CVE-2024-46756
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46777
CWE-ID CWE-416
CWE-121
CWE-125
CWE-908
CWE-119
CWE-264
CWE-415
CWE-20
CWE-476
CWE-401
CWE-667
CWE-399
CWE-682
CWE-191
CWE-190
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Anolis OS
Operating systems & Components / Operating system

python3-perf
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-libs-devel
Operating systems & Components / Operating system package or component

kernel-tools-libs
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-modules-internal
Operating systems & Components / Operating system package or component

kernel-modules-extra
Operating systems & Components / Operating system package or component

kernel-modules
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debug-modules-internal
Operating systems & Components / Operating system package or component

kernel-debug-modules-extra
Operating systems & Components / Operating system package or component

kernel-debug-modules
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug-core
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel-core
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains information about 50 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU91066

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52478

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hidpp_probe() function in drivers/hid/hid-logitech-hidpp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU87901

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52628

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU90272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36883

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU90049

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-36886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of uninitialized resource

EUVDB-ID: #VU90975

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36889

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU92002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36898

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the edge_detector_update() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU93344

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38544

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93849

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38564

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper checks within with bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU92953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38579

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU92311

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38583

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU92312

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38588

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU94672

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU94836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU94949

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41040

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU96141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42286

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU96139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU96114

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU97531

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46715

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-perf: before 5.10.134-18

perf: before 5.10.134-18

kernel-tools-libs-devel: before 5.10.134-18

kernel-tools-libs: before 5.10.134-18

kernel-tools: before 5.10.134-18

kernel-modules-internal: before 5.10.134-18

kernel-modules-extra: before 5.10.134-18

kernel-modules: before 5.10.134-18

kernel-headers: before 5.10.134-18

kernel-devel: before 5.10.134-18

kernel-debug-modules-internal: before 5.10.134-18

kernel-debug-modules-extra: before 5.10.134-18

kernel-debug-modules: before 5.10.134-18

kernel-debug-devel: before 5.10.134-18

kernel-debug-core: before 5.10.134-18

kernel-debug: before 5.10.134-18

kernel-core: before 5.10.134-18

kernel: before 5.10.134-18

bpftool: before 5.10.134-18

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:1185


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###