jiachao2130/csaf-parser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
csaf-parser/tests/csaf-openEuler-SA-2024-1836.json
Jia Chao d667ef7fda release v0.1.0 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-24 10:04:20 +08:00

7428 lines
484 KiB
JSON
Raw Permalink Blame History

{
"document":{
"aggregate_severity":{
"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
"text":"Critical"
},
"category":"csaf_vex",
"csaf_version":"2.0",
"distribution":{
"tlp":{
"label":"WHITE",
"url":"https:/www.first.org/tlp/"
}
},
"lang":"en",
"notes":[
{
"text":"kernel security update",
"category":"general",
"title":"Synopsis"
},
{
"text":"An update for kernel is now available for openEuler-24.03-LTS",
"category":"general",
"title":"Summary"
},
{
"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[ 29.612820] Call Trace:\n[ 29.613030] <TASK>\n[ 29.613201] dump_stack_lvl+0x56/0x6f\n[ 29.613496] ? kmemdup+0x30/0x40\n[ 29.613754] print_report.cold+0x494/0x6b7\n[ 29.614082] ? kmemdup+0x30/0x40\n[ 29.614340] kasan_report+0x8a/0x190\n[ 29.614628] ? kmemdup+0x30/0x40\n[ 29.614888] kasan_check_range+0x14d/0x1d0\n[ 29.615213] memcpy+0x20/0x60\n[ 29.615454] kmemdup+0x30/0x40\n[ 29.615700] lgdt3306a_probe+0x52/0x310\n[ 29.616339] i2c_device_probe+0x951/0xa90(CVE-2022-48772)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU's vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd->prev_vector because the interrupt isn't currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn't reclaim apicd->prev_vector; instead, it simply resets both\napicd->move_in_progress and apicd->prev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd->prev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.(CVE-2024-31076)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk->sk_prot)->setsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx->sk_proto->setsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot.(CVE-2024-36489)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault.(CVE-2024-36949)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move NPIV's transport unregistration to after resource clean up\n\nThere are cases after NPIV deletion where the fabric switch still believes\nthe NPIV is logged into the fabric. This occurs when a vport is\nunregistered before the Remove All DA_ID CT and LOGO ELS are sent to the\nfabric.\n\nCurrently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including\nthe fabric D_ID, removes the last ndlp reference and frees the ndlp rport\nobject. This sometimes causes the race condition where the final DA_ID and\nLOGO are skipped from being sent to the fabric switch.\n\nFix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID\nand LOGO are sent.(CVE-2024-36952)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Queue RX packets in IRQ handler instead of disabling BHs\n\nCurrently the driver uses local_bh_disable()/local_bh_enable() in its\nIRQ handler to avoid triggering net_rx_action() softirq on exit from\nnetif_rx(). The net_rx_action() could trigger this driver .start_xmit\ncallback, which is protected by the same lock as the IRQ handler, so\ncalling the .start_xmit from netif_rx() from the IRQ handler critical\nsection protected by the lock could lead to an attempt to claim the\nalready claimed lock, and a hang.\n\nThe local_bh_disable()/local_bh_enable() approach works only in case\nthe IRQ handler is protected by a spinlock, but does not work if the\nIRQ handler is protected by mutex, i.e. this works for KS8851 with\nParallel bus interface, but not for KS8851 with SPI bus interface.\n\nRemove the BH manipulation and instead of calling netif_rx() inside\nthe IRQ handler code protected by the lock, queue all the received\nSKBs in the IRQ handler into a queue first, and once the IRQ handler\nexits the critical section protected by the lock, dequeue all the\nqueued SKBs and push them all into netif_rx(). At this point, it is\nsafe to trigger the net_rx_action() softirq, since the netif_rx()\ncall is outside of the lock that protects the IRQ handler.(CVE-2024-36962)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mediatek: Make sure IPI buffer fits in L2TCM\n\nThe IPI buffer location is read from the firmware that we load to the\nSystem Companion Processor, and it's not granted that both the SRAM\n(L2TCM) size that is defined in the devicetree node is large enough\nfor that, and while this is especially true for multi-core SCP, it's\nstill useful to check on single-core variants as well.\n\nFailing to perform this check may make this driver perform R/W\noperations out of the L2TCM boundary, resulting (at best) in a\nkernel panic.\n\nTo fix that, check that the IPI buffer fits, otherwise return a\nfailure and refuse to boot the relevant SCP core (or the SCP at\nall, if this is single core).(CVE-2024-36965)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: delete vq in vp_find_vqs_msix() when request_irq() fails\n\nWhen request_irq() fails, error path calls vp_del_vqs(). There, as vq is\npresent in the list, free_irq() is called for the same vector. That\ncauses following splat:\n\n[ 0.414355] Trying to free already-free IRQ 27\n[ 0.414403] WARNING: CPU: 1 PID: 1 at kernel/irq/manage.c:1899 free_irq+0x1a1/0x2d0\n[ 0.414510] Modules linked in:\n[ 0.414540] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4+ #27\n[ 0.414540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n[ 0.414540] RIP: 0010:free_irq+0x1a1/0x2d0\n[ 0.414540] Code: 1e 00 48 83 c4 08 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 8b 74 24 04 48 c7 c7 98 80 6c b1 e8 00 c9 f7 ff 90 <0f> 0b 90 90 48 89 ee 4c 89 ef e8 e0 20 b8 00 49 8b 47 40 48 8b 40\n[ 0.414540] RSP: 0000:ffffb71480013ae0 EFLAGS: 00010086\n[ 0.414540] RAX: 0000000000000000 RBX: ffffa099c2722000 RCX: 0000000000000000\n[ 0.414540] RDX: 0000000000000000 RSI: ffffb71480013998 RDI: 0000000000000001\n[ 0.414540] RBP: 0000000000000246 R08: 00000000ffffdfff R09: 0000000000000001\n[ 0.414540] R10: 00000000ffffdfff R11: ffffffffb18729c0 R12: ffffa099c1c91760\n[ 0.414540] R13: ffffa099c1c916a4 R14: ffffa099c1d2f200 R15: ffffa099c1c91600\n[ 0.414540] FS: 0000000000000000(0000) GS:ffffa099fec40000(0000) knlGS:0000000000000000\n[ 0.414540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 0.414540] CR2: 0000000000000000 CR3: 0000000008e3e001 CR4: 0000000000370ef0\n[ 0.414540] Call Trace:\n[ 0.414540] <TASK>\n[ 0.414540] ? __warn+0x80/0x120\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] ? report_bug+0x164/0x190\n[ 0.414540] ? handle_bug+0x3b/0x70\n[ 0.414540] ? exc_invalid_op+0x17/0x70\n[ 0.414540] ? asm_exc_invalid_op+0x1a/0x20\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] vp_del_vqs+0xc1/0x220\n[ 0.414540] vp_find_vqs_msix+0x305/0x470\n[ 0.414540] vp_find_vqs+0x3e/0x1a0\n[ 0.414540] vp_modern_find_vqs+0x1b/0x70\n[ 0.414540] init_vqs+0x387/0x600\n[ 0.414540] virtnet_probe+0x50a/0xc80\n[ 0.414540] virtio_dev_probe+0x1e0/0x2b0\n[ 0.414540] really_probe+0xc0/0x2c0\n[ 0.414540] ? __pfx___driver_attach+0x10/0x10\n[ 0.414540] __driver_probe_device+0x73/0x120\n[ 0.414540] driver_probe_device+0x1f/0xe0\n[ 0.414540] __driver_attach+0x88/0x180\n[ 0.414540] bus_for_each_dev+0x85/0xd0\n[ 0.414540] bus_add_driver+0xec/0x1f0\n[ 0.414540] driver_register+0x59/0x100\n[ 0.414540] ? __pfx_virtio_net_driver_init+0x10/0x10\n[ 0.414540] virtio_net_driver_init+0x90/0xb0\n[ 0.414540] do_one_initcall+0x58/0x230\n[ 0.414540] kernel_init_freeable+0x1a3/0x2d0\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] kernel_init+0x1a/0x1c0\n[ 0.414540] ret_from_fork+0x31/0x50\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] ret_from_fork_asm+0x1a/0x30\n[ 0.414540] </TASK>\n\nFix this by calling deleting the current vq when request_irq() fails.(CVE-2024-37353)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2620!\n invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n #0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n #1 btrfs_drop_extents (fs/btrfs/file.c:411:4)\n #2 log_one_extent (fs/btrfs/tree-log.c:4732:9)\n #3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n #4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n #5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n #6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n #7 btrfs_sync_file (fs/btrfs/file.c:1933:8)\n #8 vfs_fsync_range (fs/sync.c:188:9)\n #9 vfs_fsync (fs/sync.c:202:9)\n #10 do_fsync (fs/sync.c:212:9)\n #11 __do_sys_fdatasync (fs/sync.c:225:9)\n #12 __se_sys_fdatasync (fs/sync.c:223:1)\n #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we're logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n >>> print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n leaf 33439744 flags 0x100000000000000\n fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n generation 7 transid 9 size 8192 nbytes 8473563889606862198\n block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n sequence 204 flags 0x10(PREALLOC)\n atime 1716417703.220000000 (2024-05-22 15:41:43)\n ctime 1716417704.983333333 (2024-05-22 15:41:44)\n mtime 1716417704.983333333 (2024-05-22 15:41:44)\n otime 17592186044416.000000000 (559444-03-08 01:40:16)\n item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n index 195 namelen 3 name: 193\n item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n location key (0 UNKNOWN.0 0) type XATTR\n transid 7 data_len 1 name_len 6\n name: user.a\n data a\n item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n generation 9 type 1 (regular)\n extent data disk byte 303144960 nr 12288\n extent data offset 0 nr 4096 ram 12288\n extent compression 0 (none)\n item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 4096 nr 8192\n item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 8192 nr 4096\n ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---(CVE-2024-37354)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);\n ...\n delivered_ce <<= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n memcpy((void*)0x20000080,\n \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n /*flags=*/2ul, /*mode=*/0ul);\n memcpy((void*)0x20000000, \"100\\000\", 4);\n syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet's limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n # echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n 10\n # echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n </TASK>(CVE-2024-37356)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Assign dummy when codec not specified for a DAI link\n\nMediaTek sound card drivers are checking whether a DAI link is present\nand used on a board to assign the correct parameters and this is done\nby checking the codec DAI names at probe time.\n\nIf no real codec is present, assign the dummy codec to the DAI link\nto avoid NULL pointer during string comparison.(CVE-2024-38551)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential index out of bounds in color transformation function\n\nFixes index out of bounds issue in the color transformation function.\nThe issue could occur when the index 'i' exceeds the number of transfer\nfunction points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, an error message is\nlogged and the function returns false to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max(CVE-2024-38552)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev->ax25_ptr is set to null.(CVE-2024-38554)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n<IRQ>\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n</IRQ>\n<TASK>\nasm_common_interrupt+0x22/0x40(CVE-2024-38555)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: Avoid address calculations via out of bounds array indexing\n\nBefore request->channels[] can be used, request->n_channels must be set.\nAdditionally, address calculations for memory after the \"channels\" array\nneed to be calculated from the allocation base (\"request\") rather than\nvia the first \"out of bounds\" index of \"channels\", otherwise run-time\nbounds checking will throw a warning.(CVE-2024-38562)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type <> attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.(CVE-2024-38564)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-38577)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.(CVE-2024-38579)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --> Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --> Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy().(CVE-2024-38582)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n Read of size 8 at addr ffff888141d40010 by task insmod/424\n CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n [...]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x68/0xa0\n print_report+0xcf/0x610\n kasan_report+0xb5/0xe0\n ftrace_location+0x90/0x120\n register_kprobe+0x14b/0xa40\n kprobe_init+0x2d/0xff0 [kprobe_example]\n do_one_initcall+0x8f/0x2d0\n do_init_module+0x13a/0x3c0\n load_module+0x3082/0x33d0\n init_module_from_file+0xd2/0x130\n __x64_sys_finit_module+0x306/0x440\n do_syscall_64+0x68/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n CPU1 | CPU2\n register_kprobes() { | delete_module() {\n check_kprobe_address_safe() { |\n arch_check_ftrace_location() { |\n ftrace_location() { |\n lookup_rec() // USE! | ftrace_release_mod() // Free!\n\nTo fix this issue:\n 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n 2. Use ftrace_location_range() instead of lookup_rec() in\n ftrace_location();\n 3. Call synchronize_rcu() before freeing any ftrace pages both in\n ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().(CVE-2024-38588)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n <TASK>\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev->resync_min\n while (j < max_sectors)\n sectors = raid10_sync_request(mddev, j, &skipped)\n if (!md_bitmap_start_sync(..., &sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn't match array size still need to be fixed.(CVE-2024-38598)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren't split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.(CVE-2024-38599)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list.(CVE-2024-38602)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nblock: refine the EOF check in blkdev_iomap_begin\n\nblkdev_iomap_begin rounds down the offset to the logical block size\nbefore stashing it in iomap->offset and checking that it still is\ninside the inode size.\n\nCheck the i_size check to the raw pos value so that we don't try a\nzero size write if iter->pos is unaligned.(CVE-2024-38604)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()\n\nPatch series \"mm: follow_pte() improvements and acrn follow_pte() fixes\".\n\nPatch #1 fixes a bunch of issues I spotted in the acrn driver. It\ncompiles, that's all I know. I'll appreciate some review and testing from\nacrn folks.\n\nPatch #2+#3 improve follow_pte(), passing a VMA instead of the MM, adding\nmore sanity checks, and improving the documentation. Gave it a quick test\non x86-64 using VM_PAT that ends up using follow_pte().\n\n\nThis patch (of 3):\n\nWe currently miss handling various cases, resulting in a dangerous\nfollow_pte() (previously follow_pfn()) usage.\n\n(1) We're not checking PTE write permissions.\n\nMaybe we should simply always require pte_write() like we do for\npin_user_pages_fast(FOLL_WRITE)? Hard to tell, so let's check for\nACRN_MEM_ACCESS_WRITE for now.\n\n(2) We're not rejecting refcounted pages.\n\nAs we are not using MMU notifiers, messing with refcounted pages is\ndangerous and can result in use-after-free. Let's make sure to reject them.\n\n(3) We are only looking at the first PTE of a bigger range.\n\nWe only lookup a single PTE, but memmap->len may span a larger area.\nLet's loop over all involved PTEs and make sure the PFN range is\nactually contiguous. Reject everything else: it couldn't have worked\neither way, and rather made use access PFNs we shouldn't be accessing.(CVE-2024-38610)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add callback function pointer check before its call\n\nIn dpu_core_irq_callback_handler() callback function pointer is compared to NULL,\nbut then callback function is unconditionally called by this pointer.\nFix this bug by adding conditional return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nPatchwork: https://patchwork.freedesktop.org/patch/588237/(CVE-2024-38622)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)(CVE-2024-38623)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\n\nFor example, in the expression:\n\tvbo = 2 * vbo + skip(CVE-2024-38624)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.(CVE-2024-38625)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.\n\nHang on to the control IDs instead of pointers since those are correctly\nhandled with locks.(CVE-2024-38628)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Avoid unnecessary destruction of file_ida\n\nfile_ida is allocated during cdev open and is freed accordingly\nduring cdev release. This sequence is guaranteed by driver file\noperations. Therefore, there is no need to destroy an already empty\nfile_ida when the WQ cdev is removed.\n\nWorse, ida_free() in cdev release may happen after destruction of\nfile_ida per WQ cdev. This can lead to accessing an id in file_ida\nafter it has been destroyed, resulting in a kernel panic.\n\nRemove ida_destroy(&file_ida) to address these issues.(CVE-2024-38629)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.(CVE-2024-38630)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port->lock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it's taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100](CVE-2024-38634)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru(CVE-2024-38637)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don't intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types.(CVE-2024-38662)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_dpsub: Always register bridge\n\nWe must always register the DRM bridge, since zynqmp_dp_hpd_work_func\ncalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be\ninitialized. We do this before zynqmp_dpsub_drm_init since that calls\ndrm_bridge_attach. This fixes the following lockdep warning:\n\n[ 19.217084] ------------[ cut here ]------------\n[ 19.227530] DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550\n[ 19.241696] Modules linked in:\n[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96\n[ 19.252046] Hardware name: xlnx,zynqmp (DT)\n[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func\n[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 19.269104] pc : __mutex_lock+0x4bc/0x550\n[ 19.273364] lr : __mutex_lock+0x4bc/0x550\n[ 19.277592] sp : ffffffc085c5bbe0\n[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8\n[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000\n[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000\n[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000\n[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720\n[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001\n[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888\n[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000\n[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000\n[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880\n[ 19.356581] Call trace:\n[ 19.359160] __mutex_lock+0x4bc/0x550\n[ 19.363032] mutex_lock_nested+0x24/0x30\n[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c\n[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54\n[ 19.376364] process_one_work+0x3ac/0x988\n[ 19.380660] worker_thread+0x398/0x694\n[ 19.384736] kthread+0x1bc/0x1c0\n[ 19.388241] ret_from_fork+0x10/0x20\n[ 19.392031] irq event stamp: 183\n[ 19.395450] hardirqs last enabled at (183): [<ffffffc0800b9278>] finish_task_switch.isra.0+0xa8/0x2d4\n[ 19.405140] hardirqs last disabled at (182): [<ffffffc081ad3754>] __schedule+0x714/0xd04\n[ 19.413612] softirqs last enabled at (114): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c\n[ 19.423128] softirqs last disabled at (110): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c\n[ 19.432614] ---[ end trace 0000000000000000 ]---\n\n(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)(CVE-2024-38664)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don't enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq().(CVE-2024-38780)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix oops during rmmod\n\n\"rmmod bonding\" causes an oops ever since commit cc317ea3d927 (\"bonding:\nremove redundant NULL check in debugfs function\"). Here are the relevant\nfunctions being called:\n\nbonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n bonding_debug_root = NULL; <--------- SET TO NULL HERE\n bond_netlink_fini()\n rtnl_link_unregister()\n __rtnl_link_unregister()\n unregister_netdevice_many_notify()\n bond_uninit()\n bond_debug_unregister()\n (commit removed check for bonding_debug_root == NULL)\n debugfs_remove()\n simple_recursive_removal()\n down_write() -> OOPS\n\nHowever, reverting the bad commit does not solve the problem completely\nbecause the original code contains a race that could cause the same\noops, although it was much less likely to be triggered unintentionally:\n\nCPU1\n rmmod bonding\n bonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n\nCPU2\n echo -bond0 > /sys/class/net/bonding_masters\n bond_uninit()\n bond_debug_unregister()\n if (!bonding_debug_root)\n\nCPU1\n bonding_debug_root = NULL;\n\nSo do NOT revert the bad commit (since the removed checks were racy\nanyway), and instead change the order of actions taken during module\nremoval. The same oops can also happen if there is an error during\nmodule init, so apply the same fix there.(CVE-2024-39296)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req->rc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as 'tag' and (just in case KMSAN unearths something new) 'id'\nduring the tag allocation stage.(CVE-2024-39301)\n\nRejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.(CVE-2024-39362)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for non-NULL file pointer in io_file_can_poll()\n\nIn earlier kernels, it was possible to trigger a NULL pointer\ndereference off the forced async preparation path, if no file had\nbeen assigned. The trace leading to that looks as follows:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022\nRIP: 0010:io_buffer_select+0xc3/0x210\nCode: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 <48> 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b\nRSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246\nRAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040\nRDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700\nRBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020\nR10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8\nR13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000\nFS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0\nCall Trace:\n <TASK>\n ? __die+0x1f/0x60\n ? page_fault_oops+0x14d/0x420\n ? do_user_addr_fault+0x61/0x6a0\n ? exc_page_fault+0x6c/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? io_buffer_select+0xc3/0x210\n __io_import_iovec+0xb5/0x120\n io_readv_prep_async+0x36/0x70\n io_queue_sqe_fallback+0x20/0x260\n io_submit_sqes+0x314/0x630\n __do_sys_io_uring_enter+0x339/0xbc0\n ? __do_sys_io_uring_register+0x11b/0xc50\n ? vm_mmap_pgoff+0xce/0x160\n do_syscall_64+0x5f/0x180\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x55e0a110a67e\nCode: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 <c3> 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6\n\nbecause the request is marked forced ASYNC and has a bad file fd, and\nhence takes the forced async prep path.\n\nCurrent kernels with the request async prep cleaned up can no longer hit\nthis issue, but for ease of backporting, let's add this safety check in\nhere too as it really doesn't hurt. For both cases, this will inevitably\nend with a CQE posted with -EBADF.(CVE-2024-39371)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign ->num before accessing ->hws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of 'struct clk_hw_onecell_data'\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to ->num being assigned after ->hws\nhas been accessed:\n\n UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n index 3 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]')\n\nMove the ->num initialization to before the first access of ->hws, which\nclears up the warning.(CVE-2024-39461)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/qcom/lmh: Check for SCM availability at probe\n\nUp until now, the necessary scm availability check has not been\nperformed, leading to possible null pointer dereferences (which did\nhappen for me on RB1).\n\nFix that.(CVE-2024-39466)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()\n\nsyzbot reports a kernel bug as below:\n\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n==================================================================\nBUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\nBUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]\nBUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\nRead of size 1 at addr ffff88807a58c76c by task syz-executor280/5076\n\nCPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\n current_nat_addr fs/f2fs/node.h:213 [inline]\n f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\n f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]\n f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838\n __do_sys_ioctl fs/ioctl.c:902 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is we missed to do sanity check on i_xattr_nid during\nf2fs_iget(), so that in fiemap() path, current_nat_addr() will access\nnat_bitmap w/ offset from invalid i_xattr_nid, result in triggering\nkasan bug report, fix it.(CVE-2024-39467)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix deadlock in smb2_find_smb_tcon()\n\nUnlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such\ndeadlock.(CVE-2024-39468)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Fix a possible null pointer dereference in eventfs_find_events()\n\nIn function eventfs_find_events,there is a potential null pointer\nthat may be caused by calling update_events_attr which will perform\nsome operations on the members of the ei struct when ei is NULL.\n\nHence,When ei->is_freed is set,return NULL directly.(CVE-2024-39470)",
"category":"general",
"title":"Description"
},
{
"text":"An update for kernel is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"category":"general",
"title":"Topic"
},
{
"text":"Critical",
"category":"general",
"title":"Severity"
},
{
"text":"kernel",
"category":"general",
"title":"Affected Component"
}
],
"publisher":{
"issuing_authority":"openEuler security committee",
"name":"openEuler",
"namespace":"https://www.openeuler.org",
"contact_details":"openeuler-security@openeuler.org",
"category":"vendor"
},
"references":[
{
"summary":"openEuler-SA-2024-1836",
"category":"self",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
},
{
"summary":"CVE-2022-48772",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48772&packageName=kernel"
},
{
"summary":"CVE-2024-31076",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-31076&packageName=kernel"
},
{
"summary":"CVE-2024-36489",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36489&packageName=kernel"
},
{
"summary":"CVE-2024-36949",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36949&packageName=kernel"
},
{
"summary":"CVE-2024-36952",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36952&packageName=kernel"
},
{
"summary":"CVE-2024-36962",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36962&packageName=kernel"
},
{
"summary":"CVE-2024-36965",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36965&packageName=kernel"
},
{
"summary":"CVE-2024-37353",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37353&packageName=kernel"
},
{
"summary":"CVE-2024-37354",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37354&packageName=kernel"
},
{
"summary":"CVE-2024-37356",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37356&packageName=kernel"
},
{
"summary":"CVE-2024-38551",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38551&packageName=kernel"
},
{
"summary":"CVE-2024-38552",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38552&packageName=kernel"
},
{
"summary":"CVE-2024-38554",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38554&packageName=kernel"
},
{
"summary":"CVE-2024-38555",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38555&packageName=kernel"
},
{
"summary":"CVE-2024-38562",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38562&packageName=kernel"
},
{
"summary":"CVE-2024-38564",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38564&packageName=kernel"
},
{
"summary":"CVE-2024-38577",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38577&packageName=kernel"
},
{
"summary":"CVE-2024-38579",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38579&packageName=kernel"
},
{
"summary":"CVE-2024-38582",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38582&packageName=kernel"
},
{
"summary":"CVE-2024-38588",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38588&packageName=kernel"
},
{
"summary":"CVE-2024-38598",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38598&packageName=kernel"
},
{
"summary":"CVE-2024-38599",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38599&packageName=kernel"
},
{
"summary":"CVE-2024-38602",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38602&packageName=kernel"
},
{
"summary":"CVE-2024-38604",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38604&packageName=kernel"
},
{
"summary":"CVE-2024-38610",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38610&packageName=kernel"
},
{
"summary":"CVE-2024-38622",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38622&packageName=kernel"
},
{
"summary":"CVE-2024-38623",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38623&packageName=kernel"
},
{
"summary":"CVE-2024-38624",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38624&packageName=kernel"
},
{
"summary":"CVE-2024-38625",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38625&packageName=kernel"
},
{
"summary":"CVE-2024-38628",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38628&packageName=kernel"
},
{
"summary":"CVE-2024-38629",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38629&packageName=kernel"
},
{
"summary":"CVE-2024-38630",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38630&packageName=kernel"
},
{
"summary":"CVE-2024-38634",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38634&packageName=kernel"
},
{
"summary":"CVE-2024-38637",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38637&packageName=kernel"
},
{
"summary":"CVE-2024-38662",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38662&packageName=kernel"
},
{
"summary":"CVE-2024-38664",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38664&packageName=kernel"
},
{
"summary":"CVE-2024-38780",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38780&packageName=kernel"
},
{
"summary":"CVE-2024-39296",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39296&packageName=kernel"
},
{
"summary":"CVE-2024-39301",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39301&packageName=kernel"
},
{
"summary":"CVE-2024-39362",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39362&packageName=kernel"
},
{
"summary":"CVE-2024-39371",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39371&packageName=kernel"
},
{
"summary":"CVE-2024-39461",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39461&packageName=kernel"
},
{
"summary":"CVE-2024-39466",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39466&packageName=kernel"
},
{
"summary":"CVE-2024-39467",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39467&packageName=kernel"
},
{
"summary":"CVE-2024-39468",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39468&packageName=kernel"
},
{
"summary":"CVE-2024-39470",
"category":"self",
"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39470&packageName=kernel"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48772"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31076"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36489"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36949"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36952"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36962"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36965"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37353"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37354"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37356"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38551"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38552"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38554"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38555"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38562"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38564"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38577"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38579"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38582"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38588"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38598"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38599"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38602"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38604"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38610"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38622"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38623"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38624"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38625"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38628"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38629"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38630"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38634"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38637"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38662"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38664"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38780"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39296"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39301"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39362"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39371"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39461"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39466"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39467"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39468"
},
{
"summary":"nvd cve",
"category":"external",
"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39470"
},
{
"summary":"openEuler-SA-2024-1836 vex file",
"category":"self",
"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1836.json"
}
],
"title":"An update for kernel is now available for openEuler-24.03-LTS",
"tracking":{
"initial_release_date":"2024-07-12T22:52:16+08:00",
"revision_history":[
{
"date":"2024-07-12T22:52:16+08:00",
"summary":"Initial",
"number":"1.0.0"
}
],
"generator":{
"date":"2024-07-12T22:52:16+08:00",
"engine":{
"name":"openEuler CSAF Tool V1.0"
}
},
"current_release_date":"2024-07-12T22:52:16+08:00",
"id":"openEuler-SA-2024-1836",
"version":"1.0.0",
"status":"final"
}
},
"product_tree":{
"branches":[
{
"name":"openEuler",
"category":"vendor",
"branches":[
{
"name":"openEuler",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"openEuler-24.03-LTS",
"name":"openEuler-24.03-LTS"
},
"name":"openEuler-24.03-LTS",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"aarch64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"bpftool-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"bpftool-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-source-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-source-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-source-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"python3-perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"python3-perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"name":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm"
},
"name":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"x86_64",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"bpftool-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"bpftool-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-source-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-source-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-source-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"python3-perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"python3-perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
},
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"name":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm"
},
"name":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"category":"product_version"
}
],
"category":"product_name"
},
{
"name":"src",
"branches":[
{
"product":{
"product_identification_helper":{
"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
},
"product_id":"kernel-6.6.0-33.0.0.40.oe2403.src.rpm",
"name":"kernel-6.6.0-33.0.0.40.oe2403.src.rpm"
},
"name":"kernel-6.6.0-33.0.0.40.oe2403.src.rpm",
"category":"product_version"
}
],
"category":"product_name"
}
]
}
],
"relationships":[
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"bpftool-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-source-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-source-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"perf-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"python3-perf-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"name":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"bpftool-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-source-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-source-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"perf-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"python3-perf-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"name":"python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64 as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
},
{
"relates_to_product_reference":"openEuler-24.03-LTS",
"product_reference":"kernel-6.6.0-33.0.0.40.oe2403.src.rpm",
"full_product_name":{
"product_id":"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src",
"name":"kernel-6.6.0-33.0.0.40.oe2403.src as a component of openEuler-24.03-LTS"
},
"category":"default_component_of"
}
]
},
"vulnerabilities":[
{
"cve":"CVE-2022-48772",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[ 29.612820] Call Trace:\n[ 29.613030] <TASK>\n[ 29.613201] dump_stack_lvl+0x56/0x6f\n[ 29.613496] ? kmemdup+0x30/0x40\n[ 29.613754] print_report.cold+0x494/0x6b7\n[ 29.614082] ? kmemdup+0x30/0x40\n[ 29.614340] kasan_report+0x8a/0x190\n[ 29.614628] ? kmemdup+0x30/0x40\n[ 29.614888] kasan_check_range+0x14d/0x1d0\n[ 29.615213] memcpy+0x20/0x60\n[ 29.615454] kmemdup+0x30/0x40\n[ 29.615700] lgdt3306a_probe+0x52/0x310\n[ 29.616339] i2c_device_probe+0x951/0xa90",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2022-48772"
},
{
"cve":"CVE-2024-31076",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline\n\nThe absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of\ninterrupt affinity reconfiguration via procfs. Instead, the change is\ndeferred until the next instance of the interrupt being triggered on the\noriginal CPU.\n\nWhen the interrupt next triggers on the original CPU, the new affinity is\nenforced within __irq_move_irq(). A vector is allocated from the new CPU,\nbut the old vector on the original CPU remains and is not immediately\nreclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming\nprocess is delayed until the next trigger of the interrupt on the new CPU.\n\nUpon the subsequent triggering of the interrupt on the new CPU,\nirq_complete_move() adds a task to the old CPU's vector_cleanup list if it\nremains online. Subsequently, the timer on the old CPU iterates over its\nvector_cleanup list, reclaiming old vectors.\n\nHowever, a rare scenario arises if the old CPU is outgoing before the\ninterrupt triggers again on the new CPU.\n\nIn that case irq_force_complete_move() is not invoked on the outgoing CPU\nto reclaim the old apicd->prev_vector because the interrupt isn't currently\naffine to the outgoing CPU, and irq_needs_fixup() returns false. Even\nthough __vector_schedule_cleanup() is later called on the new CPU, it\ndoesn't reclaim apicd->prev_vector; instead, it simply resets both\napicd->move_in_progress and apicd->prev_vector to 0.\n\nAs a result, the vector remains unreclaimed in vector_matrix, leading to a\nCPU vector leak.\n\nTo address this issue, move the invocation of irq_force_complete_move()\nbefore the irq_needs_fixup() call to reclaim apicd->prev_vector, if the\ninterrupt is currently or used to be affine to the outgoing CPU.\n\nAdditionally, reclaim the vector in __vector_schedule_cleanup() as well,\nfollowing a warning message, although theoretically it should never see\napicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-31076"
},
{
"cve":"CVE-2024-36489",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0 CPU1\n----- -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk->sk_prot, tls_prots) -(2)\n\n // In sock_common_setsockopt()\n READ_ONCE(sk->sk_prot)->setsockopt()\n\n // In tls_{setsockopt,getsockopt}()\n ctx->sk_proto->setsockopt() -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx->sk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is\ninitialized, we can ensure that ctx->sk_proto are visible when\nchanging sk->sk_prot.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36489"
},
{
"cve":"CVE-2024-36949",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36949"
},
{
"cve":"CVE-2024-36952",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move NPIV's transport unregistration to after resource clean up\n\nThere are cases after NPIV deletion where the fabric switch still believes\nthe NPIV is logged into the fabric. This occurs when a vport is\nunregistered before the Remove All DA_ID CT and LOGO ELS are sent to the\nfabric.\n\nCurrently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including\nthe fabric D_ID, removes the last ndlp reference and frees the ndlp rport\nobject. This sometimes causes the race condition where the final DA_ID and\nLOGO are skipped from being sent to the fabric switch.\n\nFix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID\nand LOGO are sent.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36952"
},
{
"cve":"CVE-2024-36962",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Queue RX packets in IRQ handler instead of disabling BHs\n\nCurrently the driver uses local_bh_disable()/local_bh_enable() in its\nIRQ handler to avoid triggering net_rx_action() softirq on exit from\nnetif_rx(). The net_rx_action() could trigger this driver .start_xmit\ncallback, which is protected by the same lock as the IRQ handler, so\ncalling the .start_xmit from netif_rx() from the IRQ handler critical\nsection protected by the lock could lead to an attempt to claim the\nalready claimed lock, and a hang.\n\nThe local_bh_disable()/local_bh_enable() approach works only in case\nthe IRQ handler is protected by a spinlock, but does not work if the\nIRQ handler is protected by mutex, i.e. this works for KS8851 with\nParallel bus interface, but not for KS8851 with SPI bus interface.\n\nRemove the BH manipulation and instead of calling netif_rx() inside\nthe IRQ handler code protected by the lock, queue all the received\nSKBs in the IRQ handler into a queue first, and once the IRQ handler\nexits the critical section protected by the lock, dequeue all the\nqueued SKBs and push them all into netif_rx(). At this point, it is\nsafe to trigger the net_rx_action() softirq, since the netif_rx()\ncall is outside of the lock that protects the IRQ handler.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.2,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36962"
},
{
"cve":"CVE-2024-36965",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mediatek: Make sure IPI buffer fits in L2TCM\n\nThe IPI buffer location is read from the firmware that we load to the\nSystem Companion Processor, and it's not granted that both the SRAM\n(L2TCM) size that is defined in the devicetree node is large enough\nfor that, and while this is especially true for multi-core SCP, it's\nstill useful to check on single-core variants as well.\n\nFailing to perform this check may make this driver perform R/W\noperations out of the L2TCM boundary, resulting (at best) in a\nkernel panic.\n\nTo fix that, check that the IPI buffer fits, otherwise return a\nfailure and refuse to boot the relevant SCP core (or the SCP at\nall, if this is single core).",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.6,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-36965"
},
{
"cve":"CVE-2024-37353",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: delete vq in vp_find_vqs_msix() when request_irq() fails\n\nWhen request_irq() fails, error path calls vp_del_vqs(). There, as vq is\npresent in the list, free_irq() is called for the same vector. That\ncauses following splat:\n\n[ 0.414355] Trying to free already-free IRQ 27\n[ 0.414403] WARNING: CPU: 1 PID: 1 at kernel/irq/manage.c:1899 free_irq+0x1a1/0x2d0\n[ 0.414510] Modules linked in:\n[ 0.414540] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4+ #27\n[ 0.414540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n[ 0.414540] RIP: 0010:free_irq+0x1a1/0x2d0\n[ 0.414540] Code: 1e 00 48 83 c4 08 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 8b 74 24 04 48 c7 c7 98 80 6c b1 e8 00 c9 f7 ff 90 <0f> 0b 90 90 48 89 ee 4c 89 ef e8 e0 20 b8 00 49 8b 47 40 48 8b 40\n[ 0.414540] RSP: 0000:ffffb71480013ae0 EFLAGS: 00010086\n[ 0.414540] RAX: 0000000000000000 RBX: ffffa099c2722000 RCX: 0000000000000000\n[ 0.414540] RDX: 0000000000000000 RSI: ffffb71480013998 RDI: 0000000000000001\n[ 0.414540] RBP: 0000000000000246 R08: 00000000ffffdfff R09: 0000000000000001\n[ 0.414540] R10: 00000000ffffdfff R11: ffffffffb18729c0 R12: ffffa099c1c91760\n[ 0.414540] R13: ffffa099c1c916a4 R14: ffffa099c1d2f200 R15: ffffa099c1c91600\n[ 0.414540] FS: 0000000000000000(0000) GS:ffffa099fec40000(0000) knlGS:0000000000000000\n[ 0.414540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 0.414540] CR2: 0000000000000000 CR3: 0000000008e3e001 CR4: 0000000000370ef0\n[ 0.414540] Call Trace:\n[ 0.414540] <TASK>\n[ 0.414540] ? __warn+0x80/0x120\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] ? report_bug+0x164/0x190\n[ 0.414540] ? handle_bug+0x3b/0x70\n[ 0.414540] ? exc_invalid_op+0x17/0x70\n[ 0.414540] ? asm_exc_invalid_op+0x1a/0x20\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] vp_del_vqs+0xc1/0x220\n[ 0.414540] vp_find_vqs_msix+0x305/0x470\n[ 0.414540] vp_find_vqs+0x3e/0x1a0\n[ 0.414540] vp_modern_find_vqs+0x1b/0x70\n[ 0.414540] init_vqs+0x387/0x600\n[ 0.414540] virtnet_probe+0x50a/0xc80\n[ 0.414540] virtio_dev_probe+0x1e0/0x2b0\n[ 0.414540] really_probe+0xc0/0x2c0\n[ 0.414540] ? __pfx___driver_attach+0x10/0x10\n[ 0.414540] __driver_probe_device+0x73/0x120\n[ 0.414540] driver_probe_device+0x1f/0xe0\n[ 0.414540] __driver_attach+0x88/0x180\n[ 0.414540] bus_for_each_dev+0x85/0xd0\n[ 0.414540] bus_add_driver+0xec/0x1f0\n[ 0.414540] driver_register+0x59/0x100\n[ 0.414540] ? __pfx_virtio_net_driver_init+0x10/0x10\n[ 0.414540] virtio_net_driver_init+0x90/0xb0\n[ 0.414540] do_one_initcall+0x58/0x230\n[ 0.414540] kernel_init_freeable+0x1a3/0x2d0\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] kernel_init+0x1a/0x1c0\n[ 0.414540] ret_from_fork+0x31/0x50\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] ret_from_fork_asm+0x1a/0x30\n[ 0.414540] </TASK>\n\nFix this by calling deleting the current vq when request_irq() fails.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-37353"
},
{
"cve":"CVE-2024-37354",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2620!\n invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n #0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n #1 btrfs_drop_extents (fs/btrfs/file.c:411:4)\n #2 log_one_extent (fs/btrfs/tree-log.c:4732:9)\n #3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n #4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n #5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n #6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n #7 btrfs_sync_file (fs/btrfs/file.c:1933:8)\n #8 vfs_fsync_range (fs/sync.c:188:9)\n #9 vfs_fsync (fs/sync.c:202:9)\n #10 do_fsync (fs/sync.c:212:9)\n #11 __do_sys_fdatasync (fs/sync.c:225:9)\n #12 __se_sys_fdatasync (fs/sync.c:223:1)\n #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we're logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n >>> print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n leaf 33439744 flags 0x100000000000000\n fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n generation 7 transid 9 size 8192 nbytes 8473563889606862198\n block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n sequence 204 flags 0x10(PREALLOC)\n atime 1716417703.220000000 (2024-05-22 15:41:43)\n ctime 1716417704.983333333 (2024-05-22 15:41:44)\n mtime 1716417704.983333333 (2024-05-22 15:41:44)\n otime 17592186044416.000000000 (559444-03-08 01:40:16)\n item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n index 195 namelen 3 name: 193\n item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n location key (0 UNKNOWN.0 0) type XATTR\n transid 7 data_len 1 name_len 6\n name: user.a\n data a\n item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n generation 9 type 1 (regular)\n extent data disk byte 303144960 nr 12288\n extent data offset 0 nr 4096 ram 12288\n extent compression 0 (none)\n item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 4096 nr 8192\n item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 8192 nr 4096\n ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-37354"
},
{
"cve":"CVE-2024-37356",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);\n ...\n delivered_ce <<= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n memcpy((void*)0x20000080,\n \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n /*flags=*/2ul, /*mode=*/0ul);\n memcpy((void*)0x20000000, \"100\\000\", 4);\n syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet's limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n # echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n 10\n # echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n </TASK>",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-37356"
},
{
"cve":"CVE-2024-38551",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Assign dummy when codec not specified for a DAI link\n\nMediaTek sound card drivers are checking whether a DAI link is present\nand used on a board to assign the correct parameters and this is done\nby checking the codec DAI names at probe time.\n\nIf no real codec is present, assign the dummy codec to the DAI link\nto avoid NULL pointer during string comparison.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"NONE",
"baseScore":0.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"None",
"category":"impact"
}
],
"title":"CVE-2024-38551"
},
{
"cve":"CVE-2024-38552",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential index out of bounds in color transformation function\n\nFixes index out of bounds issue in the color transformation function.\nThe issue could occur when the index 'i' exceeds the number of transfer\nfunction points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, an error message is\nlogged and the function returns false to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38552"
},
{
"cve":"CVE-2024-38554",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev->ax25_ptr is set to null.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.1,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38554"
},
{
"cve":"CVE-2024-38555",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n<IRQ>\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n</IRQ>\n<TASK>\nasm_common_interrupt+0x22/0x40",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38555"
},
{
"cve":"CVE-2024-38562",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: Avoid address calculations via out of bounds array indexing\n\nBefore request->channels[] can be used, request->n_channels must be set.\nAdditionally, address calculations for memory after the \"channels\" array\nneed to be calculated from the allocation base (\"request\") rather than\nvia the first \"out of bounds\" index of \"channels\", otherwise run-time\nbounds checking will throw a warning.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-38562"
},
{
"cve":"CVE-2024-38564",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type <> attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38564"
},
{
"cve":"CVE-2024-38577",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow\n\nThere is a possibility of buffer overflow in\nshow_rcu_tasks_trace_gp_kthread() if counters, passed\nto sprintf() are huge. Counter numbers, needed for this\nare unrealistically high, but buffer overflow is still\npossible.\n\nUse snprintf() with buffer size instead of sprintf().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.4,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38577"
},
{
"cve":"CVE-2024-38579",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":6.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38579"
},
{
"cve":"CVE-2024-38582",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n nilfs_segctor_destroy\n nilfs_segctor_kill_thread --> Shut down log writer thread\n flush_work\n nilfs_iput_work_func\n nilfs_dispose_list\n iput\n nilfs_evict_inode\n nilfs_transaction_commit\n nilfs_construct_segment (if inode needs sync)\n nilfs_segctor_sync --> Attempt to synchronize with\n log writer thread\n *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy().",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"NONE",
"baseScore":0.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"None",
"category":"impact"
}
],
"title":"CVE-2024-38582"
},
{
"cve":"CVE-2024-38588",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n Read of size 8 at addr ffff888141d40010 by task insmod/424\n CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n [...]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x68/0xa0\n print_report+0xcf/0x610\n kasan_report+0xb5/0xe0\n ftrace_location+0x90/0x120\n register_kprobe+0x14b/0xa40\n kprobe_init+0x2d/0xff0 [kprobe_example]\n do_one_initcall+0x8f/0x2d0\n do_init_module+0x13a/0x3c0\n load_module+0x3082/0x33d0\n init_module_from_file+0xd2/0x130\n __x64_sys_finit_module+0x306/0x440\n do_syscall_64+0x68/0x140\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n CPU1 | CPU2\n register_kprobes() { | delete_module() {\n check_kprobe_address_safe() { |\n arch_check_ftrace_location() { |\n ftrace_location() { |\n lookup_rec() // USE! | ftrace_release_mod() // Free!\n\nTo fix this issue:\n 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n 2. Use ftrace_location_range() instead of lookup_rec() in\n ftrace_location();\n 3. Call synchronize_rcu() before freeing any ftrace pages both in\n ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38588"
},
{
"cve":"CVE-2024-38598",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix resync softlockup when bitmap size is less than array size\n\nIs is reported that for dm-raid10, lvextend + lvchange --syncaction will\ntrigger following softlockup:\n\nkernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976]\nCPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1\nRIP: 0010:_raw_spin_unlock_irq+0x13/0x30\nCall Trace:\n <TASK>\n md_bitmap_start_sync+0x6b/0xf0\n raid10_sync_request+0x25c/0x1b40 [raid10]\n md_do_sync+0x64b/0x1020\n md_thread+0xa7/0x170\n kthread+0xcf/0x100\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1a/0x30\n\nAnd the detailed process is as follows:\n\nmd_do_sync\n j = mddev->resync_min\n while (j < max_sectors)\n sectors = raid10_sync_request(mddev, j, &skipped)\n if (!md_bitmap_start_sync(..., &sync_blocks))\n // md_bitmap_start_sync set sync_blocks to 0\n return sync_blocks + sectors_skippe;\n // sectors = 0;\n j += sectors;\n // j never change\n\nRoot cause is that commit 301867b1c168 (\"md/raid10: check\nslab-out-of-bounds in md_bitmap_get_counter\") return early from\nmd_bitmap_get_counter(), without setting returned blocks.\n\nFix this problem by always set returned blocks from\nmd_bitmap_get_counter\"(), as it used to be.\n\nNoted that this patch just fix the softlockup problem in kernel, the\ncase that bitmap size doesn't match array size still need to be fixed.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38598"
},
{
"cve":"CVE-2024-38599",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: prevent xattr node from overflowing the eraseblock\n\nAdd a check to make sure that the requested xattr node size is no larger\nthan the eraseblock minus the cleanmarker.\n\nUnlike the usual inode nodes, the xattr nodes aren't split into parts\nand spread across multiple eraseblocks, which means that a xattr node\nmust not occupy more than one eraseblock. If the requested xattr value is\ntoo large, the xattr node can spill onto the next eraseblock, overwriting\nthe nodes and causing errors such as:\n\njffs2: argh. node added in wrong place at 0x0000b050(2)\njffs2: nextblock 0x0000a000, expected at 0000b00c\njffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050,\nread=0xfc892c93, calc=0x000000\njffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed\nat 0x01e00c. {848f,2fc4,0fef511f,59a3d171}\njffs2: Node at 0x0000000c with length 0x00001044 would run over the\nend of the erase block\njffs2: Perhaps the file system was created with the wrong erase size?\njffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found\nat 0x00000010: 0x1044 instead\n\nThis breaks the filesystem and can lead to KASAN crashes such as:\n\nBUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0\nRead of size 4 at addr ffff88802c31e914 by task repro/830\nCPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS Arch Linux 1.16.3-1-1 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0xc6/0x120\n print_report+0xc4/0x620\n ? __virt_addr_valid+0x308/0x5b0\n kasan_report+0xc1/0xf0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n ? jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_sum_add_kvec+0x125e/0x15d0\n jffs2_flash_direct_writev+0xa8/0xd0\n jffs2_flash_writev+0x9c9/0xef0\n ? __x64_sys_setxattr+0xc4/0x160\n ? do_syscall_64+0x69/0x140\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.1,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38599"
},
{
"cve":"CVE-2024-38602",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issues of ax25_dev\n\nThe ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference\ncount leak issue of the object \"ax25_dev\".\n\nMemory leak issue in ax25_addr_ax25dev():\n\nThe reference count of the object \"ax25_dev\" can be increased multiple\ntimes in ax25_addr_ax25dev(). This will cause a memory leak.\n\nMemory leak issues in ax25_dev_device_down():\n\nThe reference count of ax25_dev is set to 1 in ax25_dev_device_up() and\nthen increase the reference count when ax25_dev is added to ax25_dev_list.\nAs a result, the reference count of ax25_dev is 2. But when the device is\nshutting down. The ax25_dev_device_down() drops the reference count once\nor twice depending on if we goto unlock_put or not, which will cause\nmemory leak.\n\nAs for the issue of ax25_addr_ax25dev(), it is impossible for one pointer\nto be on a list twice. So add a break in ax25_addr_ax25dev(). As for the\nissue of ax25_dev_device_down(), increase the reference count of ax25_dev\nonce in ax25_dev_device_up() and decrease the reference count of ax25_dev\nafter it is removed from the ax25_dev_list.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38602"
},
{
"cve":"CVE-2024-38604",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: refine the EOF check in blkdev_iomap_begin\n\nblkdev_iomap_begin rounds down the offset to the logical block size\nbefore stashing it in iomap->offset and checking that it still is\ninside the inode size.\n\nCheck the i_size check to the raw pos value so that we don't try a\nzero size write if iter->pos is unaligned.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38604"
},
{
"cve":"CVE-2024-38610",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()\n\nPatch series \"mm: follow_pte() improvements and acrn follow_pte() fixes\".\n\nPatch #1 fixes a bunch of issues I spotted in the acrn driver. It\ncompiles, that's all I know. I'll appreciate some review and testing from\nacrn folks.\n\nPatch #2+#3 improve follow_pte(), passing a VMA instead of the MM, adding\nmore sanity checks, and improving the documentation. Gave it a quick test\non x86-64 using VM_PAT that ends up using follow_pte().\n\n\nThis patch (of 3):\n\nWe currently miss handling various cases, resulting in a dangerous\nfollow_pte() (previously follow_pfn()) usage.\n\n(1) We're not checking PTE write permissions.\n\nMaybe we should simply always require pte_write() like we do for\npin_user_pages_fast(FOLL_WRITE)? Hard to tell, so let's check for\nACRN_MEM_ACCESS_WRITE for now.\n\n(2) We're not rejecting refcounted pages.\n\nAs we are not using MMU notifiers, messing with refcounted pages is\ndangerous and can result in use-after-free. Let's make sure to reject them.\n\n(3) We are only looking at the first PTE of a bigger range.\n\nWe only lookup a single PTE, but memmap->len may span a larger area.\nLet's loop over all involved PTEs and make sure the PFN range is\nactually contiguous. Reject everything else: it couldn't have worked\neither way, and rather made use access PFNs we shouldn't be accessing.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38610"
},
{
"cve":"CVE-2024-38622",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add callback function pointer check before its call\n\nIn dpu_core_irq_callback_handler() callback function pointer is compared to NULL,\nbut then callback function is unconditionally called by this pointer.\nFix this bug by adding conditional return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nPatchwork: https://patchwork.freedesktop.org/patch/588237/",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-38622"
},
{
"cve":"CVE-2024-38623",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use variable length array instead of fixed size\n\nShould fix smatch warning:\n\tntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"CRITICAL",
"baseScore":9.8,
"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Critical",
"category":"impact"
}
],
"title":"CVE-2024-38623"
},
{
"cve":"CVE-2024-38624",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\n\nFor example, in the expression:\n\tvbo = 2 * vbo + skip",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38624"
},
{
"cve":"CVE-2024-38625",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38625"
},
{
"cve":"CVE-2024-38628",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.\n\nHang on to the control IDs instead of pointers since those are correctly\nhandled with locks.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"NONE",
"baseScore":0.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"None",
"category":"impact"
}
],
"title":"CVE-2024-38628"
},
{
"cve":"CVE-2024-38629",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Avoid unnecessary destruction of file_ida\n\nfile_ida is allocated during cdev open and is freed accordingly\nduring cdev release. This sequence is guaranteed by driver file\noperations. Therefore, there is no need to destroy an already empty\nfile_ida when the WQ cdev is removed.\n\nWorse, ida_free() in cdev release may happen after destruction of\nfile_ida per WQ cdev. This can lead to accessing an id in file_ida\nafter it has been destroyed, resulting in a kernel panic.\n\nRemove ida_destroy(&file_ida) to address these issues.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-38629"
},
{
"cve":"CVE-2024-38630",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger\n\nWhen the cpu5wdt module is removing, the origin code uses del_timer() to\nde-activate the timer. If the timer handler is running, del_timer() could\nnot stop it and will return directly. If the port region is released by\nrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()\nto write into the region that is released, the use-after-free bug will\nhappen.\n\nChange del_timer() to timer_shutdown_sync() in order that the timer handler\ncould be finished before the port region is released.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"NONE",
"baseScore":0.0,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"None",
"category":"impact"
}
],
"title":"CVE-2024-38630"
},
{
"cve":"CVE-2024-38634",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port->lock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it's taken by explicitly doing\nthat. Without it we got a splat:\n\n WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n ...\n Workqueue: max3100-0 max3100_work [max3100]\n RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n ...\n max3100_handlerx+0xc5/0x110 [max3100]\n max3100_work+0x12a/0x340 [max3100]",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38634"
},
{
"cve":"CVE-2024-38637",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: lights: check return of get_channel_from_mode\n\nIf channel for the given node is not found we return null from\nget_channel_from_mode. Make sure we validate the return pointer\nbefore using it in two of the missing places.\n\nThis was originally reported in [0]:\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"LOW",
"baseScore":3.9,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Low",
"category":"impact"
}
],
"title":"CVE-2024-38637"
},
{
"cve":"CVE-2024-38662",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:bpf: Allow delete from sockmap/sockhash only if update is allowedWe have seen an influx of syzkaller reports where a BPF program attached toa tracepoint triggers a locking rule violation by performing a map_deleteon a sockmap/sockhash.We don t intend to support this artificial use scenario. Extend theexisting verifier allowed-program-type check for updating sockmap/sockhashto also cover deleting from a map.From now on only BPF programs which were previously allowed to updatesockmap/sockhash can delete from these map types.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.7,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38662"
},
{
"cve":"CVE-2024-38664",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:drm: zynqmp_dpsub: Always register bridgeWe must always register the DRM bridge, since zynqmp_dp_hpd_work_funccalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to beinitialized. We do this before zynqmp_dpsub_drm_init since that callsdrm_bridge_attach. This fixes the following lockdep warning:[ 19.217084] ------------[ cut here ]------------[ 19.227530] DEBUG_LOCKS_WARN_ON(lock->magic != lock)[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550[ 19.241696] Modules linked in:[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96[ 19.252046] Hardware name: xlnx,zynqmp (DT)[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)[ 19.269104] pc : __mutex_lock+0x4bc/0x550[ 19.273364] lr : __mutex_lock+0x4bc/0x550[ 19.277592] sp : ffffffc085c5bbe0[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880[ 19.356581] Call trace:[ 19.359160] __mutex_lock+0x4bc/0x550[ 19.363032] mutex_lock_nested+0x24/0x30[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54[ 19.376364] process_one_work+0x3ac/0x988[ 19.380660] worker_thread+0x398/0x694[ 19.384736] kthread+0x1bc/0x1c0[ 19.388241] ret_from_fork+0x10/0x20[ 19.392031] irq event stamp: 183[ 19.395450] hardirqs last enabled at (183): [<ffffffc0800b9278>] finish_task_switch.isra.0+0xa8/0x2d4[ 19.405140] hardirqs last disabled at (182): [<ffffffc081ad3754>] __schedule+0x714/0xd04[ 19.413612] softirqs last enabled at (114): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c[ 19.423128] softirqs last disabled at (110): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c[ 19.432614] ---[ end trace 0000000000000000 ]---(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"HIGH",
"baseScore":7.8,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"High",
"category":"impact"
}
],
"title":"CVE-2024-38664"
},
{
"cve":"CVE-2024-38780",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:dma-buf/sw-sync: don t enable IRQ from sync_print_obj()Since commit a6aa8fca4d79 ( dma-buf/sw-sync: Reduce irqsave/irqrestore fromknown context ) by error replaced spin_unlock_irqrestore() withspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despitesync_print_obj() is called from sync_debugfs_show(), lockdep complainsinconsistent lock state warning.Use plain spin_{lock,unlock}() for sync_print_obj(), forsync_debugfs_show() is already using spin_{lock,unlock}_irq().",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-38780"
},
{
"cve":"CVE-2024-39296",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix oops during rmmod\n\n\"rmmod bonding\" causes an oops ever since commit cc317ea3d927 (\"bonding:\nremove redundant NULL check in debugfs function\"). Here are the relevant\nfunctions being called:\n\nbonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n bonding_debug_root = NULL; <--------- SET TO NULL HERE\n bond_netlink_fini()\n rtnl_link_unregister()\n __rtnl_link_unregister()\n unregister_netdevice_many_notify()\n bond_uninit()\n bond_debug_unregister()\n (commit removed check for bonding_debug_root == NULL)\n debugfs_remove()\n simple_recursive_removal()\n down_write() -> OOPS\n\nHowever, reverting the bad commit does not solve the problem completely\nbecause the original code contains a race that could cause the same\noops, although it was much less likely to be triggered unintentionally:\n\nCPU1\n rmmod bonding\n bonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n\nCPU2\n echo -bond0 > /sys/class/net/bonding_masters\n bond_uninit()\n bond_debug_unregister()\n if (!bonding_debug_root)\n\nCPU1\n bonding_debug_root = NULL;\n\nSo do NOT revert the bad commit (since the removed checks were racy\nanyway), and instead change the order of actions taken during module\nremoval. The same oops can also happen if there is an error during\nmodule init, so apply the same fix there.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39296"
},
{
"cve":"CVE-2024-39301",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req->rc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as 'tag' and (just in case KMSAN unearths something new) 'id'\nduring the tag allocation stage.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39301"
},
{
"cve":"CVE-2024-39362",
"notes":[
{
"text":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39362"
},
{
"cve":"CVE-2024-39371",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for non-NULL file pointer in io_file_can_poll()\n\nIn earlier kernels, it was possible to trigger a NULL pointer\ndereference off the forced async preparation path, if no file had\nbeen assigned. The trace leading to that looks as follows:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022\nRIP: 0010:io_buffer_select+0xc3/0x210\nCode: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 <48> 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b\nRSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246\nRAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040\nRDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700\nRBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020\nR10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8\nR13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000\nFS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0\nCall Trace:\n <TASK>\n ? __die+0x1f/0x60\n ? page_fault_oops+0x14d/0x420\n ? do_user_addr_fault+0x61/0x6a0\n ? exc_page_fault+0x6c/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? io_buffer_select+0xc3/0x210\n __io_import_iovec+0xb5/0x120\n io_readv_prep_async+0x36/0x70\n io_queue_sqe_fallback+0x20/0x260\n io_submit_sqes+0x314/0x630\n __do_sys_io_uring_enter+0x339/0xbc0\n ? __do_sys_io_uring_register+0x11b/0xc50\n ? vm_mmap_pgoff+0xce/0x160\n do_syscall_64+0x5f/0x180\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x55e0a110a67e\nCode: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 <c3> 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6\n\nbecause the request is marked forced ASYNC and has a bad file fd, and\nhence takes the forced async prep path.\n\nCurrent kernels with the request async prep cleaned up can no longer hit\nthis issue, but for ease of backporting, let's add this safety check in\nhere too as it really doesn't hurt. For both cases, this will inevitably\nend with a CQE posted with -EBADF.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39371"
},
{
"cve":"CVE-2024-39461",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign ->num before accessing ->hws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of 'struct clk_hw_onecell_data'\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to ->num being assigned after ->hws\nhas been accessed:\n\n UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n index 3 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]')\n\nMove the ->num initialization to before the first access of ->hws, which\nclears up the warning.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39461"
},
{
"cve":"CVE-2024-39466",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/qcom/lmh: Check for SCM availability at probe\n\nUp until now, the necessary scm availability check has not been\nperformed, leading to possible null pointer dereferences (which did\nhappen for me on RB1).\n\nFix that.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39466"
},
{
"cve":"CVE-2024-39467",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()\n\nsyzbot reports a kernel bug as below:\n\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n==================================================================\nBUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\nBUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]\nBUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\nRead of size 1 at addr ffff88807a58c76c by task syz-executor280/5076\n\nCPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\n current_nat_addr fs/f2fs/node.h:213 [inline]\n f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\n f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]\n f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838\n __do_sys_ioctl fs/ioctl.c:902 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is we missed to do sanity check on i_xattr_nid during\nf2fs_iget(), so that in fiemap() path, current_nat_addr() will access\nnat_bitmap w/ offset from invalid i_xattr_nid, result in triggering\nkasan bug report, fix it.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":5.5,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39467"
},
{
"cve":"CVE-2024-39468",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix deadlock in smb2_find_smb_tcon()\n\nUnlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such\ndeadlock.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.1,
"vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39468"
},
{
"cve":"CVE-2024-39470",
"notes":[
{
"text":"In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Fix a possible null pointer dereference in eventfs_find_events()\n\nIn function eventfs_find_events,there is a potential null pointer\nthat may be caused by calling update_events_attr which will perform\nsome operations on the members of the ei struct when ei is NULL.\n\nHence,When ei->is_freed is set,return NULL directly.",
"category":"description",
"title":"Vulnerability Description"
}
],
"product_status":{
"fixed":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
},
"remediations":[
{
"product_ids":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
],
"details":"kernel security update",
"category":"vendor_fix",
"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1836"
}
],
"scores":[
{
"cvss_v3":{
"baseSeverity":"MEDIUM",
"baseScore":4.4,
"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version":"3.1"
},
"products":[
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.aarch64",
"openEuler-24.03-LTS:bpftool-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:bpftool-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-debugsource-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-headers-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-source-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-tools-devel-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:python3-perf-debuginfo-6.6.0-33.0.0.40.oe2403.x86_64",
"openEuler-24.03-LTS:kernel-6.6.0-33.0.0.40.oe2403.src"
]
}
],
"threats":[
{
"details":"Medium",
"category":"impact"
}
],
"title":"CVE-2024-39470"
}
]
}
Reference in New Issue View Git Blame Copy Permalink